Well, another spell of threats and controversy begins : without too much furor : let's hope !
Whatever your browser..somewhere free of discrimination....impartiality/moderation has got to shine thro' !! Not always an easy choice !!
Thank you for the support thro' the last month. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly. Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics. Scroll down for the latest posts !!
Please note that no entry/post should be taken as a personal recommendation, unless otherwise stated. Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

By Kevin Murphy
Posted in Hosting, 2nd September 2011 12:38 GMT
Police in the UK could get new powers to suspend internet domain names without a court order if they're being used for illegal activity, under rules proposed to .uk registry manager Nominet.

A Nominet volunteer policy team has recommended the creation of an "expedited" process for shutting down addresses when the police say "the urgent suspension of the domain name is necessary to prevent serious and immediate consumer harm".

The proposed rules, if adopted, would apply to any address ending in .uk, such as example.co.uk.

Game over for DigiNotar and its PKIoverheid fiefdom
By Dan Goodin in San Francisco
Posted in Enterprise Security, 3rd September 2011 04:20 GMT
The network breach in July that forged a near-perfect replica of a Google.com credential minted more than 200 other SSL certificates for more than 20 different domains, a top manager for Mozilla's Firefox browser said.

In stern rebuke of substandard practices at Netherlands-based certificate authority DigiNotar, Director of Firefox Engineering Johnathan Nightingale recited a litany of failures that put entire internet populations at risk. Bad enough was DigiNotar's inability to accurately account for the certificates it issued, and its six-week delay in warning Mozilla of fraudulent certificates detected in mid July, one of which spoofed the sensitive https://addons.mozilla.org site.

Worse yet was the determination that DigiNotar's lapses resulted in “multiple reports of these certificates being used in the wild.”

“The integrity of the SSL system cannot be maintained in secrecy,” Nightingale wrote in the first, and long-overdue, reprimand of DigiNotar. “Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online.”

Nightingale went on to confirm what El Reg reported earlier today: that Mozilla was updating its software to permanently distrust two DigiNotar certificates formally adopted by the Dutch authorities for official government business. Previously, Mozilla, Google and possibly Microsoft excepted DigiNotar-signed PKIoverheid certificates from their ban after being assured by the Dutch officials they weren't compromised during the security breach DigiNotar detected on July 19.

“The Dutch government has since audited DigiNotar's performance and rescinded this assessment,” Nightingale wrote. “We are now removing the exemption for these certificates, meaning that all DigiNotar certificates will be untrusted by Mozilla products. We understand that other browser vendors are making similar changes.”

Around the same time Nightingale issued his statement, Google released a new version of its Chrome browser that also adds all DigiNotar certificates to a permanent block list.

Representatives with Microsoft have repeatedly declined to answer questions for the past 36 hours. Google officials have confirmed that preparations are under way to block the additional certificates but said discussions are still underway about whether they will follow suit.

Nightingale's update coincided with a bare-bones report from a Dutch news service that said Netherlands Interior Minister Piet Hein Donner gave a press conference in the early hours of Saturday in which he announced plans to “hand over control of internet security to a different firm.”

DigiNotar is a wholly owned subsidiary of Vasco Data Security, an Illinois-based provider of two-factor authentication products and services. The company has barely uttered a peep since the fraudulent certificates first surfaced six days ago. ®

Is It Really Necessary To Logout of Web Sites?
By Lincoln Spector, PCWorld

Keith Stanley wants to know if he should really logout of Web sites that require a login when he's done with them.

That depends on the site, and on the computer you're using.

There's not much danger if we're talking about your own computer. The chances of someone accessing your account via an active logon are pretty thin. And in cases where it might happen, it's probably because either your PC is already infected, or an untrustworthy person has physical access to it. Either way, you're already in trouble.

But I'm a cautious person, and I recommend others be cautious, as well. That's why I recommend logging out of financial and retail sites, where someone else's illegal access can have serious consequences. I don't bother logging out of other sites.

You really don't want to stay logged onto a financial site indefinitely. If a criminal can get access to your bank account or credit card number, your life is going to become very unpleasant. Luckily, most financial sites will log you out automatically after a certain number of minutes of no activity.

We're revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. For more details about the security issues see the Google Security Blog post about DigiNotar and an update from Mozilla, who is also moving to revoke trust in these certificates.

The Web vs. the world: 9 epic battles
The Web and the real world don't always get along. Though the Internet has revolutionized our society in countless positive ways, the always-on network has also created various problems. Ultimately, it's a game of trade-offs: We gain certain benefits from its presence and accept certain drawbacks. In many cases, it's hard to say which side comes out ahead -- and in some instances, the pluses and minuses harden into something like open combat. Here are some conflicts that pit the Web against the world.

Hackers have come a long way since teenagers made code in their bedrooms

Hackers are secretive, but they are also social. Many spend their spare time in chat rooms and forums discussing their latest targets, techniques and conquests. Eavesdropping on those conversations offers a fascinating insight into their motives.

Say hacker to someone and they are likely to trot out the usual aged clichés - geek, loner, bedroom-bound teenager.

Philosopher is unlikely to feature high on the list. But it seems the modern-day hacker spends a lot of time contemplating the meaning of life.

"Each has a philosophy and they want to discuss it," says Noa Bar Yosef.

She ought to know. Her job with security firm Imperva involves hanging around in hacker forums trying to work out what motivates them.

It is a murky, idiosyncratic world where Ms Yosef admits she spends far too much time.

In one group she visits, members discuss the best reading matter for would-be thinkers.

Computerworld - The Microsoft executive who heads the company's Windows division said Wednesday that the next edition of the operating system will let users treat the traditional desktop as "just another app" that loads only on command.

In a lengthy blog post, Steven Sinofsky, president of Microsoft's Windows and Windows Live division, provided more detail on Windows 8's user interface (UI).

In June, when it unveiled parts of the Windows 8 UI, Microsoft said the new OS would feature a "touch-first" interface to help it compete in the fast-growing tablet market. Underneath that, however, would be a traditional Windows-style desktop. In demonstrations, Microsoft showed the touch-style start screen for Windows 8, and how users could switch to a more familiar icon-based design.

After breaching the Dutch CA (Certification Authority) DigiNotar, Iranian hackers managed to sign forged certificates for the domains of spy agencies CIA, Mossad and MI6. Leading certification authorities like VeriSign and Thawte were also targeted, as were Iranian dissident sites.

The cyber attack on DigiNotar, a Dutch subsidiary of VASCO Data Security International Inc, is much more serious than previously thought. In July, hackers gained access to the network and infrastructure of several of DigiNotar's CAs. Once inside, they generated hundreds of forged certificates for third-party domains.

With these certificates hackers can potentially syphon off user login credentials by spoofing a legitimate site, complete with a functioning but forged SSL-certificate, apparently issued by DigiNotar.

The forged certificates match domains of the U.S. Central Intelligence Agency, the Israeli secret service Mossad, and the British spy agency MI6. On top of that, the hackers created false certificates of other CA's like VeriSign and Thawte, in an attempt to also misuse their trusted position in securing Internet communications.

Service provider hacked
By Drew Cullen
Posted in Site News, 5th September 2011 06:51 GMT
On early Sunday evening, UK time, the DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third party webpage controlled by Turkish hackers.

The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services - in other words, anything that requires a password - as a precaution. These are now restored.

Volume of Malware Increases According to McAfee's Second Quarter 2011 Report
McAfee recently released a second quarter report for 2011 in which they highlight the challenges posed by hacktivist groups such as LulzSec and Anonymous.

One of the most important changes that occurred in the malware security field was that mobile platforms became more targeted. In the first quarter of 2011, Android was the third most targeted mobile platform, but now it has moved to first place, with Java Micro Edition following up in second position.
As for cybercrime activities, the number of email address books up for sale to spammers has increased.
Prices for these enterprises vary according to location.
For instance, in the United States, an address book containing 1.000.000 addresses costs $25, while in Turkey the same number of addresses costs $50.
In the past quarter, new products were discovered among exploit kits, the most notable being Eleonore Version 1.6.5, with two 2011 exploits, and Best Pack, with one 2011 exploit.
On the good side, law enforcement around the world has continued making progress against the threats imposed by cybercriminals. Their united efforts with security providers have led to a significant decrease in the number of messaging threats.

AVG Technologies, a world renowned security provider, has recently released the results of a survey trying to determine which U.S. cities' inhabitants are most gullible when it comes to digital scams.

The residents of 35 major cities were put to the test and the results were conclusive.

The study showed that 40 percent of Americans don't use a password to protect their mobile devices and 34 percent of those that do, have not changed it in the past year. Also, 75 out of 100 mobile phone users don't back up their data, relying on their service providers to make a restoration in case something might happen.

Results are not reassuring when it comes to PC users either.

23 percent of them never back up the data on their personal computer and 38 percent admit that they share their passwords with at least one other person.

Almost half the participants of the survey never run a manual anti-virus scan to check for infections on their computing devices, while more than 60 percent never bother to use an identity monitoring service.

JR Smith, CEO of the company stated, in regards to this study, that “recent news demonstrates that consumers need to be more vigilant than ever about safeguarding the personal information sitting on their PCs and mobile devices”.

He also said that even though customers are getting smarter about online threats, they still don't fully understand why they should protect each and every one of their internet enabled devices.

So here is a list of the cities that took part in the survey, starting with the most vulnerable to online threats:-

Spoofed certificates for .microsoft.com and .windowsupdate.com are among those issued by Dutch-based DigiNotar, which has been at the center of a scandal involving fraudulent certificates used to attack users of Google.com sites.

Microsoft has confirmed officially that certificates for its own online properties from DigiNotar have also been compromised, and already took measures in order to ensure that customers running Internet Explorer on Windows Vista and Windows 7 are protected.

Dave Forstrom, director, Trustworthy Computing reveals that while the investigation into the matter continues, a couple of DigiNotar root certificates have been removed.

“As always, we continue to take action to ensure the safety of our customers. We have already removed the two DigiNotar root certificates, which encompass what we believe to be the vast majority of the fraudulently issued digital certificates, from the Certificate Trust List. All fraudulent certificates that have been disclosed to Microsoft roll up to one of those two root certificates,” Forstrom said.

Vista and Windows 7 users who also run IE have been protected against attacks since the end of August.

“Users of Vista and later operating systems have been protected since we released Security Advisory 2607712 on August 29,” Forstrom added.

“In addition, customers using Windows Update on any platform are not at risk of exploitation from the windowsupdate.com certificate, since that domain is no longer in use. The Windows Update service uses multiple means of checking that the content distributed is legitimate and uncompromised.”

Jim Pearson wants to change the default location for Windows 7's version of Windows Explorer, and have it default to opening C:\

The simplest way to open the Windows 7 version of Explorer is to click the folder icon in the task bar. This opens an Explorer window in the Libraries location, which gives you one-click access to your documents, pictures, videos, and music.

For most people, the Libraries location makes a reasonable place to start exploring, but you may not be like most people. Depending on your work habits, My Computer, My Documents, DropBox, or some other alternative may make more sense.

The easiest solution to opening Explorer where you want it is to pin your location to the Windows Explorer icon on the taskbar. To do this, open Windows Explorer. Find your desired location in the left pane, and drag it to the Windows Explorer icon on the taskbar. When you let go, it will be "pinned" to the Explorer menu.

This won't actually change the default. When you simply click the Windows Explorer icon, you'll still get Libraries. But if you right-click that icon, you'll find your desired location on the resulting menu.

You can also drag the location to the desktop or the Start menu and open your preferred location from there.

However, because the mechanism for Windows XP is different, users of the decade old operating system are still at risk from potential attacks, until such a time when Microsoft will issue an update.

The Redmond company has already confirmed that in addition to the initial spoofed certificates for Google.com, it has also detected fraudulent certificates issued for .microsoft.com, .windowsupdate.com, www.update.microsoft.com.

The software giant has yet to share the specific release deadline of an update for Windows XP.

“We are currently preparing an update for Windows XP and Windows Server 2003 platforms which will add DigiNotar to our Untrusted Certificate Store. This update will be available soon,” noted Jonathan Ness, MSRC Engineering.

Microsoft flips 'kill switch' on all DigiNotar certificates
Permanently blocks all SSL certificates issued by Dutch company hacked in June

By Gregg Keizer
September 6, 2011
Computerworld - Microsoft today updated Windows to permanently block all digital certificates issued by a Dutch company that was hacked months ago.

The update -- the second for Windows Vista and Windows 7, but the first for the decade-old Windows XP -- moves all DigiNotar SSL (secure socket layer) certificates to Windows' block list, dubbed the Untrusted Certificate Store. Microsoft's Internet Explorer (IE) uses that list to bar the browser from reaching sites secured with dubious certificates.

Internet users are becoming more aware of the dangers lurking behind the screens of their computer and that's why phishers are turning up the notch with new methods of luring unsuspecting people into their nets.

The latest “phishing expedition” was observed by Symantec and described in detail on their official blog.

The malicious site was masked as a software company that offered considerable discounts on their products. Users were then led to a page where they would be required to give out all their personal information, including credit card details, which would later be used to gain control of the person's financial records.

Many people were drawn to the page by the up to 80% savings they could make on the website's main page.

You might think that all phishers use this tactic to attract unknowing victims, but this is where things become interesting. The page containing the offers was hosted on a newly registered domain which ranked high in most of the popular search engines. This was achieved by using keywords in the domain name which are very common in related searches.

The worst is yet to come, as the people behind this ill-intended practice managed to make fake trust seals which bought them a whole lot of credibility. End users tend to trust security seals as they normally represent the approval of a third party security company which confirms the legitimacy of the website.

The seals seemed legit because of some sub-domain randomization techniques used by the phishers.

Always remember that the best way to protect yourself against these threats is by being cautious. Also, here is some general advice on how to avoid phishing attacks:

- never click on suspicious links contained in email or instant messages;

- make sure that when you check the security seal of a website, the URL from the seal-proving window is a secure HTTPS address;

Users who've visited the Web Directories site on the 4th of September might have been redirected to a third party page leveraging the Incognito exploit kit.

One of the largest directories on the internet, the site was compromised after a program line, representing a redirect to a malicious address containing exploit codes, was inserted.

An analysis made by the Websense Security Labs revealed that the hacking tool involved is known as Incognito, which silently infects the client computers with a Trojan virus.

According to the Security Labs blog, Incognito is a Malware as a Service (MaaS) which has two versions running in the wild.

Underground communities make use of it to launch automated attacks, with the purpose of spreading malware.

This particular tool can be purchased and even rented by those who want to infect the computers of unsuspecting internet users with their own malicious software. While the price for such an exploit kit can reach as high as a few thousand dollars, it can be rented for a weekly fee of $200 or a 15% share of the generated traffic.

The cybercriminals who make use of such means work in close collaboration with those who spread fake anti-virus programs. These programs are masqueraded as AV solutions which actually give the hacker access to the target computer.

Chrome Beta Channel Update
Tuesday, September 6, 2011 | 12:50
The Chrome Beta channel has been updated to 14.0.835.157 for Windows, Mac, Linux, and Chrome Frame. This release has a number of stability fixes, along with revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Two new releases of Mozilla’s open source browser are now available for download to end users, namely Firefox 6.0.2 and Firefox 3.6.22.

Customers need to deploy either Firefox 6.0.2 or Firefox 3.6.22, depending on the version of the browser they’re currently running, and they should update as soon as possible.

Christian Legnitto, Firefox release manager at Mozilla, explained that Firefox 6.0.2 and Firefox 3.6.22 come to increase user security in the context in which the company needs to provide protection against spoofed DigiNotar certificates leveraged in attacks in the wild.

“Firefox 6.0.2 and Firefox 3.6.22 are now available as free downloads for Windows, Mac, Linux, and Android,” Legnitto stated.

By Jaikumar Vijayan
September 7, 2011 06:00 AM ET
Computerworld - Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.

The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that government has made in implementing the security recommendations of the 9/11 Commission. The comments about cyber security are part of broader discussion on nine security recommendations that have yet to be implemented.

The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.

"This is not science fiction," the NSPG said in its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."

A warning message from Microsoft turns out to be a scam that blackmails people into handing over money, supposedly for the activation of the product.

Cybercriminals have just created a new method of scaring unsuspecting victims. The new virus finds its way into the computer's registries and just before the operating system starts, a warning message appears on the screen.

Ransom.AN, as the virus is called, warns users that their license for Microsoft Windows has expired and that they would have to pay 100 euros in order to make the computer functional again.

A new type of malware fools people into opening malicious programs masqueraded as images, music or documents.

The new threat utilizes features of Unicode to show .exe files as apparently harmless ones, analysts calling this new exploit “Unitrix.”

A standard Unicode function, normally used to display alphabets in which the words are spelled from right to left, is misused by the malware to reverse the name of the file in the same way. After a special override code is added, a complete transformation occurs, turning something like cod.exe into exe.doc.

“The typical user just looks at the extension at the very end of the file name; for example, jpg for a photo. And that is where the danger is,” revealed Jindrich Kubec, head of the AVAST Virus Lab.

“The only way a user can know this is an executable file is if they have some additional details displayed elsewhere on their computer or if a warning pops up when they try and execute the file,” he also states.
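The filename reversal described above can be checked for mechanically. The following is an added defensive example, not code from AVAST or the article: it flags names that carry Unicode bidirectional control characters and compares the extension a user would see with the real one. The function names, the extension list and the sample filenames are constructed for illustration, and `approx_display` is a deliberately simplified model of override rendering, not the full Unicode bidirectional algorithm.

```python
import os

# Unicode bidirectional formatting characters that can change display order.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
RLO, LRO, PDF = "\u202e", "\u202d", "\u202c"

# Assumed list of extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def approx_display(name):
    """Approximate what a bidi-aware file browser shows.

    Simplified model: text following a right-to-left override is shown
    reversed until a PDF/LRO or the end of the name.
    """
    shown, run, reversing = [], [], False

    def flush():
        shown.append("".join(reversed(run)) if reversing else "".join(run))
        run.clear()

    for ch in name:
        if ch == RLO:
            flush()
            reversing = True
        elif ch in (PDF, LRO):
            flush()
            reversing = False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this model
        else:
            run.append(ch)
    flush()
    return "".join(shown)


def inspect_name(name):
    """Classify one filename as clean, bidi-control or spoofed-executable."""
    controls = [BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(approx_display(name))[1].lower()
    if not controls:
        verdict = "clean"
    elif real_ext in EXECUTABLE_EXTS and shown_ext != real_ext:
        verdict = "spoofed-executable"
    else:
        verdict = "bidi-control"
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": controls,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "verdict": verdict,
    }


def scan(names):
    """Return the inspection records for every name that is not clean."""
    return [r for r in map(inspect_name, names) if r["verdict"] != "clean"]


if __name__ == "__main__":
    # Constructed sample names; the first mirrors the article's cod.exe case.
    samples = [
        "\u202ecod.exe",          # displays as exe.doc
        "photo_\u202egpj.exe",    # displays as photo_exe.jpg
        "notes\u200e.txt",        # stray mark, not an executable
        "report.pdf",
        "\u05d3\u05d5\u05d7.pdf", # genuine Hebrew name, no control characters
    ]
    for rec in scan(samples):
        # Print the escaped form so the terminal cannot reorder the output.
        print(rec["verdict"], rec["escaped"], rec["shown_ext"], "->", rec["real_ext"])
```

Names written in a right-to-left script without control characters pass as clean, which keeps the check usable on multilingual file shares and mail attachments.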

Microsoft today said it will dispense five security updates next week to patch 15 vulnerabilities in Windows, Excel, SharePoint Server, and Groove.

All five updates will be rated "important," the second-highest threat ranking in Microsoft's four-step system.

Microsoft usually ships a smaller number of updates in odd-number months, and kept to that plan today: September's volume is down from August's, when the company patched 22 vulnerabilities with 13 "bulletins," the word it uses to describe individual security updates.

"Not a lot there, but then we didn't expect much," said Andrew Storms, director of security operations at nCircle Security. "It is the light month, the down month."

The company laid out the bare bones of the upcoming patches in an advanced notice of next week's Patch Tuesday.

Two of the updates affect Windows, with one of the pair impacting only the server editions: Server 2003, Server 2008 and Server 2008 R2. The second bulletin patches one or more bugs in all supported versions of the operating system, including the decade-old XP and the much newer Windows 7.

Mozilla demands security checks from CAs
The browser maker has demanded that certificate authorities comply with a list of security tests -- or else

By Robert Lemos | InfoWorld

Browser maker Mozilla has shown how much it trusts certificate authorities to handle their own security: Not much.

On Thursday the Mozilla Foundation, responsible for the development of the Firefox browser, requested that certificate authorities complete a list of security checks in the next eight days. CAs that fail to comply with the request could find their root certificate and any certificates issued by the firm deemed untrustworthy by Mozilla.

"Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe," Kathleen Wilson, the program manager in charge of Mozilla's CA Certificates Module, said in an email to certificate authorities.

Mozilla is demanding that certificate authorities audit their infrastructure to confirm that it's secure; highlight any dependencies on other CAs; have high hurdles to changes submitted for high-profile domains; require two-factor authentication; and demand that suppliers all take these steps as well.

Microsoft's cloud computing suite Office 365 went offline briefly, along with Hotmail and Skydrive
Millions of Microsoft users were left unable to access some online services overnight because of a major service failure.

Hotmail, Office 365 and Skydrive were among the services affected.

Microsoft was still analysing the cause of the problem on Friday morning, but said it appeared to be related to the internet's DNS address system.

Such a major problem is likely to raise questions about the reliability of cloud computing versus local storage.

Especially embarrassing is the temporary loss of Office 365, the company's alternative to Google's suite of online apps.

Its service also went offline briefly in mid-August, less than two months after it launched.

SOFTWARE OUTFIT Microsoft is talking up fast boot times for its next PC operating system, Windows 8, and the first demos are impressive.
Microsoft tested Windows 8 startup times in comparison to Windows 7 on 30 computers. The results showed that Windows 8 won every time, with at least a quarter of boot time saved, if not as much as three quarters.
In fact, the boot time was so fast in a video demonstration that it took only about seven seconds from the push of the power button until Windows 8 was fully booted. Of course, this will depend on the specifications of a computer, but it seems that the next version of Windows could give the fast booting Linux operating systems a run for their money.

How to Protect Yourself From Certificate Bandits
By John P. Mello Jr., PCWorld

There have been two major Certificate Authority (CA) attacks this year. In March, a hacker successfully penetrated one of the largest CA's on the Web--Comodo--and managed to issue bogus certificates to himself (including one for Yahoo). The second incident took place this week when a Dutch CA, Diginotar, was compromised and a number of fake certificates were issued.

So how does a Certificate Authority attack work? Certificate bandits break into companies--such as Comodo and Diginotar--that issue digital credentials that your browser uses to verify a website's identity. This credential tells your browser that the site can be "trusted," i.e. that it's not dangerous. Certificate bandits, however, can undermine this entire process by issuing fake certificates to themselves that allow them to masquerade as "safe" sites, such as Google, Mozilla, Skype, and AOL.

Here are four ways you can protect yourself from hackers wielding fraudulent certificates.

The certificate authority GlobalSign is back online after making sure that the infamous ComodoHacker hasn't got access to their systems.

After claiming the attack on DigiNotar, ComodoHacker made a post on his Pastebin account threatening CAs that he has access to four other companies, one of which was GlobalSign.

The company quickly took measures and shut off any activity to check for breaches in the system. They even went so far as calling the team that handled the situation at the Dutch CA.

On September 9, officials stated that the certificate issuing servers were physically offline, in the sense that they were cut off from the rest of their network and put into quarantine for further investigations. After a week of inactivity, they decided that on Monday everything will be back online as they had already lost a lot of customers.

Just a few hours later, they've released another statement to the press saying that a breach was found on their web server.

Fortunately, “The breached web server has always been isolated from all other infrastructure and is used only to serve the www.globalsign.com website. At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely,” as stated by company officials.

It seems that some CAs are collaborating with the authorities to gather as much evidence as they can related to the recent threats and attacks.

Because the web server matter doesn't seem to have anything to do with the certificate processing network, the scheduled relaunch for all their systems on Monday will be maintained.

Google Web History Vulnerable to Firesheep Hack
By John E Dunn, Techworld.com

Two researchers have shown how a modded version of the Firesheep Wi-Fi sniffing tool can be used to access most of a victim's Google Web History, a record of everything an individual has searched for.

The core weakness discovered by the proof-of-concept attack devised by Vincent Toubiana and Vincent Verdot lies with what is called a Session ID (SID) cookie, used to identify a user to each service they access while logged in to one of Google's services.

Every time the user accesses an application, the same SID cookie is sent in the clear, which Firesheep captures from the data sent to and from a PC connected to a non-encrypted public Wi-Fi hotspot. (See also "Secure Your PC and Website From Firesheep Session Hijacking.")

Reader Steve uses a program called Vipre Premium to keep his PC secure. The suite offers anti-virus, anti-malware, anti-spyware, a firewall, e-mail protection--basically, the works.

But Steve also runs Malwarebytes Anti-Malware. And Microsoft Security Essentials (though with real-time protection turned off). Steve’s question: should he turn on MSE’s real-time protection and “run it concurrently with Vipre?”

Short answer: no. Definitely not. In fact, I’d say Steve is running too much security software as it is. And that's a common mistake.

For starters, the Vipre suite is more than sufficient. I can see keeping Malwarebytes Anti-Malware on hand just in case some infection sneaks through, but if you’re using the Pro version--which, unlike its freebie sibling, offers real-time scanning--then it’s competing with Vipre. In fact, when you overlap security products like that, they can seriously impact system performance and even falsely recognize each other as being a threat.

Kimono hastily snatched closed again 'til Tuesday
By John Leyden •
Posted in Enterprise Security, 12th September 2011 10:13 GMT
Microsoft inadvertently published details of the patches it plans to publish on Tuesday following a slip-up by its security gnomes last week.

Patch Tuesday pre-alerts normally reveal little more than the applications Microsoft intends to update and the severity of the vulnerabilities addressed. However this month the software giant leaked details of the security holes it plans to close: five fairly run-of-the-mill updates that affect Office and Windows and have a maximum severity rating of "important".

Vulnerability management experts and Microsoft are downplaying the significance of the leak.

Wolfgang Kandek, CTO of security outfit Qualys, commented: "While the information is interesting and certainly helpful for us (it makes life somewhat easier for our QA lab) I don't believe there is any heightened security risk with the early exposure."

"If the patches (i.e. the binaries) themselves had been revealed then indeed it would give attackers a 4-day head start," he added.

Microsoft Security Response admitted the problem on its Twitter feed on Saturday, adding that it had deleted the text. "Some of you may have seen an early peek at Tuesday’s draft bulletin text, we’ve since removed the content," it said. "Stay tuned for Tuesday." ®

Mercenary zombies for hire to dumbed-down Baron Samedis
By John Leyden •
Posted in Malware, 12th September 2011 13:03 GMT
Cybercrooks have set up a web store that offers rented access to compromised machines on the TDSS/TDL-4 botnet.

The latest version of the TDSS botnet agent bundles a component that turns compromised machines into a proxy connected to awmproxy.net.

AWMproxy - which purportedly accepts payment via PayPal, MasterCard, and Visa - charges from $3 per day to $300 a week to would-be Baron Samedis who don't have the nous to acquire their own zombies. The site even offers a Firefox add-on to customers, further dumbing down the process.

Applications include surfing the net anonymously with someone else's IP address or launching cyber attacks, according to security blogger Brian Krebs. Owners of infected systems used to send threats or view images of child abuse could find themselves in legal hot water.

TDSS/TDL-4 is one of the most sophisticated botnets to date. The malware behind the bot uses rootkit techniques to disguise its presence on infected systems.

By Gregg Keizer
September 12, 2011
Computerworld - The CEO of a certificate-issuing company that was hacked in March is even more certain now that a wave of attacks against similar firms is backed by the Iranian government.

"I think even more so now than before," said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, N.J.-based security company that is also one of hundreds of certificate authorities, or CAs, allowed to issue SSL (secure socket layer) certificates.

The certificates authenticate the identity of websites, to show, say, that Google is really Google.

Last March, after Comodo confirmed that its network had been breached and nine certificates stolen -- including ones for Google, Microsoft and Yahoo -- Abdulhayoglu said he believed the attacks were backed by the Iranian government.
"We believe these are politically motivated, state driven/funded attacks," Abdulhayoglu said at the time.

Recent research shows that, because of mistyped email addresses, a lot of important information could end up in the wrong hands.

Domain typo-squatting is widely used by spammers and hackers to spread malicious messages to those who mistype a letter in the name of an address. The new type of scam, using Doppelganger Domains, consists of buying a name similar to a legitimate one, but missing the dot between the domain and the subdomain.

Godai Group researchers Peter Kim and Garrett Gee, the authors of the paper, set up a small experiment to prove their point.

They purchased 30 hostnames that were very similar to the ones owned by important companies and corporations and then they sat back and observed the results.

In no time they realized that this wasn't a joke, and when the experiment was over 6 months later they found themselves with 120,000 emails, representing 20 gigabytes of data received on the dummy accounts.

The statistics are clear. 425 of them contained the word “secret”, while 405 messages contained a password for a certain service.

The researchers stated that these Doppelganger Domains can be used by hackers for man-in-the-middle attacks.
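An organisation can watch for this on its own mail gateway. The Python below is an added example, not code from the Godai Group paper: it derives the doppelganger form of each of an organisation's own subdomains (the name with the dot before the base domain removed) and flags outbound mail addressed to one. The `example.com` names and the simplified Postfix-style log lines are constructed assumptions.

```python
"""Flag outbound mail addressed to doppelganger forms of our own subdomains."""
import re

# Assumptions: the organisation's base domain and the hostnames it really uses.
BASE_DOMAIN = "example.com"
LEGIT_HOSTS = ["example.com", "us.example.com", "mail.uk.example.com",
               "hr.example.com"]

# Constructed, simplified mail-log lines (Postfix-like; not real traffic).
SAMPLE_LOG = """\
Sep 13 09:01:12 mx1 postfix/smtp[2211]: 4F1A2: to=<alice@us.example.com>, status=sent
Sep 13 09:02:40 mx1 postfix/smtp[2214]: 4F1B7: to=<bob@usexample.com>, status=sent
Sep 13 09:05:03 mx1 postfix/smtp[2230]: 4F1C9: to=<carol@mail.ukexample.com>, status=sent
Sep 13 09:07:55 mx1 postfix/smtp[2231]: 4F1D0: to=<dave@partner.test>, status=sent
Sep 13 09:09:18 mx1 postfix/smtp[2240]: 4F1E4: to=<Erin@HRexample.com>, status=deferred
"""

RECIPIENT_RE = re.compile(r"to=<([^@>\s]+@([^>\s]+))>")


def doppelgangers(base: str, hosts) -> dict:
    """Map each doppelganger domain to the legitimate name it imitates.

    For 'us.example.com' the doppelganger is 'usexample.com': the label next
    to the base domain with the separating dot dropped.
    """
    base = base.lower().rstrip(".")
    result = {}
    for host in hosts:
        host = host.lower().rstrip(".")
        if not host.endswith("." + base):
            continue  # the base domain itself, or a name outside it
        subdomain = host[: -(len(base) + 1)]   # e.g. "mail.uk"
        label = subdomain.split(".")[-1]       # label adjacent to the base: "uk"
        result[label + base] = label + "." + base
    return result


def find_misaddressed(log_text: str, lookalikes: dict) -> list:
    """Return (line number, recipient, intended domain) for each suspect line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = RECIPIENT_RE.search(line)
        if not match:
            continue
        recipient, domain = match.group(1), match.group(2).lower().rstrip(".")
        for fake, intended in lookalikes.items():
            # Whoever registers 'ukexample.com' also receives mail for every
            # host below it, so match the domain and its subdomains.
            if domain == fake or domain.endswith("." + fake):
                hits.append((number, recipient, intended))
                break
    return hits


if __name__ == "__main__":
    table = doppelgangers(BASE_DOMAIN, LEGIT_HOSTS)
    for number, recipient, intended in find_misaddressed(SAMPLE_LOG, table):
        print("line %d: %s (probably meant @%s)" % (number, recipient, intended))
```

The same lookup table can drive a gateway rule that holds or rejects such mail, and it doubles as the list of names worth registering defensively.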

A rogue program tricks you into downloading, and buying, something you don't need. In general, rogues pretend to be demo versions of security or maintenance programs, and scare users with reports of dying hard drives or horrible infections. Their goal is to make you panic, so you will give them money.

The good news is that your hard drive really isn't dying. The bad news is that your PC really is infected. But what they're selling isn't the cure; it's the problem.

The screen grab below is of Windows Restore, the actual rogue that hit HikeWik's computer. It looks like a real maintenance utility. My thanks to BleepingComputer.com for allowing me to use this image.

So if a program you've never seen before suddenly pops up with a warning of horrible disaster, consider the possibility--no, the likelihood--that you're being had. Search the Internet for the exact words of the error message, in quotes, plus the word rogue, outside the quotes. For instance:

The Unholy APT-botnet union
By Dan Goodin in San Francisco • Get more from this author
Posted in Crime, 13th September 2011 05:00 GMT
Hackers sponsored by the Chinese government and other nations are collaborating with profit-driven malware gangs to infiltrate corporate networks storing government secrets and other sensitive data, researchers say.

In many ways, the relationship between state-sponsored actors and organized crime groups that target online bank accounts resembles the kind of mutually benefiting alliances found in nature every day. Just as human intestines create the ideal environment for certain types of bacteria – and in turn receive crucial nutrients and digestive assistance – crimeware operators often cooperate with government-backed spies perpetrating the kinds of APTs, or advanced persistent threats, that have pillaged Google, RSA Security, and other US companies.

To start in the US next month
By Kate O'Flaherty
Mon Sep 12 2011, 13:10
SOFTWARE GIANT Microsoft will launch a major overhaul of its Hotmail email service next month.
The upgrade will include improvements to security, performance and how it deals with spam.
Microsoft sent an email about an event to be held on 3 October in New York and San Francisco, which said, "We listened. We learned. We reinvented Hotmail from the ground up."
"Forget everything you thought you knew about Hotmail. Just don't forget this date," the software giant added.
Whether the upgrade will be enough to entice users back from Gmail is another matter entirely. µ

The new Symantec Certificate Intelligence Center is an add-on option for VeriSign MPKI for SSL and it's designed to aid companies in discovering and managing SSL Certificates across their entire network, regardless of the certificate authority that issued them.

The cloud-based service was created by Symantec after the recent events involving rogue certificates and certain CAs. Customers began to fear that some of the fake certificates might affect their businesses because they couldn't keep track of the ones used inside their offices.

As we've recently witnessed with GlobalSign, an SSL certificate issue can disrupt business continuity and efficiency, costing the company a whole lot of time and with it large amounts of money.

The Certificate Intelligence Center was built by Symantec's Business Authentication Group in close collaboration with their most important clients and it will enable administrators to easily observe and manage anything that has to do with online certification, including the quick detection of illegal authentication documents.

Other features include the ability to configure user roles and privileges, which means that not only administrators can have access to the application, but also others who might need it.

Microsoft's latest OS will be found on 42 per cent of PCs by year end.
By Maggie Holland, 13 Sep 2011 at 10:20

Windows 7 will feature on almost half of the PCs used around the world by the end of the year, according to the latest research from Gartner.

Some 42 per cent of machines will be running Microsoft's latest operating system in the near future, as budget improvements free up money for business upgrades.

The analyst firm has predicted that 94 per cent of new PCs in 2011 will ship with Windows 7 pre-installed.

"Steady improvements in IT budgets in 2010 and 2011 are helping to accelerate the deployment of Windows 7 in enterprise markets in the US and Asia/Pacific, where Windows 7 migrations started in large volume from 4Q10," said Annette Jump, Gartner's research director.

"However, the economic uncertainties in Western Europe, political instability in selected Middle East and Africa (MEA) countries and the economic slowdown in Japan after the earthquake and tsunami in March 2011 will likely lead to slightly late and slow deployment for Windows 7 across those regions."

By Anh Nguyen
September 13, 2011 04:16 AM ET
Computerworld UK - A number of Linux websites, including LinuxFoundation.org and Linux.com, have been pulled offline after a security breach.

The breach is believed to be related to the hack of the Kernel.org website that is home to the Linux Project, nearly two weeks ago.

In a holding message on its website, the Linux Foundation said that it had discovered a security breach on Sept. 8, which led to its taking down the Linux websites and their subdomains for maintenance.

The Linux Foundation infrastructure also supports services such as Open Printing and Linux Mark. However, it does not house the Linux kernel or its code repositories.

"The Linux Foundation made this decision in the interest of extreme caution and security best practices.

"We believe this breach was connected to the intrusion on kernel.org," the statement on Linux Foundation said.

While the Linux Foundation is restoring services, it warned users that their passwords may be compromised, and advised them to change them urgently:

"As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately."

The foundation added that it is auditing all its systems, and will provide an updated statement when it has more information.

Users who want to find out more about the issue can contact the foundation on info@linuxfoundation.org.

Germany's consumer protection minister Ilse Aigner is once again calling on her peers to ditch the use of Facebook by government officials, citing what she believes are valid "justified legal doubts" raised about the social network.

In a letter to German newspaper Spiegel, Aigner wrote to urge her cabinet colleagues to "no longer use the Facebook button on all official government internet sites under our control".

She cited "an extensive legal probe" to back up her concerns about data protection.

Aigner asked all government ministries in Germany to stop using fan pages on Facebook – a practice that has become commonplace by central and local gov departments in the UK.

Hook used for rootkit redundancy
By Lucian Constantin
Tue Sep 13 2011, 14:32
SECURITY RESEARCHERS at Chinese antivirus firm 360 have identified a piece of malware that installs rogue code into the BIOS of targeted computers.
Dubbed BMW by 360 and Mebromi by other security vendors, the threat has separate components for the operating system, the master boot record (MBR) and the system BIOS.
A computer's BIOS holds a set of low-level instructions that execute before the boot loader to detect and initialise the computer's hardware components.
There are various types of BIOS, depending on motherboard and manufacturer, but according to 360, BMW only infects Award BIOS versions produced by Phoenix Technologies.
The malware adds a BIOS module called HOOK.ROM, which determines if malicious code has been erased from the MBR and restores it if necessary.
The MBR instructions serve a similar purpose. They check to see if certain Windows files are still infected before the operating system starts and reinfect them if they're not.
Thus, the BIOS hook and MBR code restore the rootkit at every reboot. Ultimately malicious code is added to winlogon.exe on Windows XP and Windows Server 2003, and to wininit.exe on Windows Vista and Windows 7.

More at :-http://www.theinquirer.net/inquirer/news/2108817/b...
BIOS malware is very rare, which makes BMW an interesting find, however hooking BIOS for malicious purposes is not a new concept. One of the first attempts to put it into practice was in 1999 with the CIH virus that ended up damaging infected systems.

And let that be a lesson to them! No, not that lesson
By Andrew Orlowski •
Posted in Government, 13th September 2011 13:41 GMT
In August the government said it wouldn't implement the Digital Economy Act's web-blocking powers. But it still thinks pirate websites hurt British business and wants something to make accessing them more difficult, and to make sanctions against them less expensive.

But what might all this look like?

According to a leak to the FT (behind paywall), Jeremy Hunt will float a number of proposals in a speech tomorrow ranging from an IWF-like industry group which would agree on a blacklist to technical and commercial measures against the pirates. Search engines might be expected to demote pirate sites in the listings, or put warning stickers against them in Google.

"We intend to take measures to make it more and more difficult to access sites that deliberately facilitate infringement, misleading consumers and depriving creators of a fair reward for their creativity," Hunt's speech says - according to the FT.

Malware Hidden in Windows Help Files
Viruses and other malicious software contained in simple help files are not news to internet security specialists, but the fact that these pieces of malware are sent using email messages is part of a more recent scheme deployed by cybercriminals to fool unsuspecting victims.

Symantec's blog informs us about these new targeted attacks that come as emails and infect our computers with all sorts of ill-intended applications that are used by those who control them to take over our virtual lives.

Targeted attacks are not uncommon, in many cases hiding under "innocent" formats such as jpg, avi, doc and pdf. Other such methods imply the forgery of executable icons to make them look like harmless file formats.

As most people know, .hlp extensions are normally handled by Windows Help and they contain information on how to work with certain applications and facilities.

This new technique used by hackers is very efficient because typically a vulnerability needs to be exploited in order for attack code to be executed, and if the target computer's security is up to date, the hit will probably fail.

Help files, on the other hand, call the Windows API in order to be executed, and this way the planted code is run along with them.

While the victim only sees a blank Windows Help window, his system is being infected with all sorts of bad things.

The popular uTorrent website was hacked on Monday morning at approximately 4 AM, the attackers replacing the standard client software download with a fake anti-virus.

Luckily, two hours later the site's administrators noticed the hack and took the affected servers offline.

It was initially believed that BitTorrent.com was also hit, but in a later update on their blog, website representatives stated that after further analysis they could not confirm that BitTorrent.com or the BitTorrent Mainline/Chrysalis were part of the incident.

Users who might have downloaded the “scareware” program would be alerted after installation to the presence of a virus. The application, called Security Shield, then requests payment in order to remove the virus.

“We recommend anyone who downloaded software between 4:20 a.m. and 6:10 a.m. PT run a security scan of their computer,” BitTorrent administrators said.

“We take the security of our systems and the safety of our users very seriously. We sincerely apologize to any users who were affected,” they added.

As a clarification, the blog informs clients that only those who took the software from the uTorrent website between the specified hours could be affected in any way. Others who downloaded the application before or after are surely safe.

This type of malware is not easy to remove, so if you're among those who downloaded the program during the critical window, make sure you do a complete scan of your system and, if a threat is detected, take the necessary steps to remove it.

We've recently seen this type of scareware in a few isolated situations, but it seems that online "blackmail" methods are quickly covering ground.

uTorrent is one of the world's most popular torrent clients because it's known to be small, fast and highly accessible. Part of its popularity comes from the fact that it can be installed on multiple platforms including Linux and Mac.

Google has moved one step closer to releasing the Google Chrome 15 Beta. With the latest Google Chrome 15.0.874.12 now in the dev channel, there will only be a few more releases before graduating this version of Chrome to the beta channel.

Chromebook owners also got the latest dev channel update, bringing with it several fixes and a new Web UI login.

"The Dev channel has been updated to 15.0.874.12 for Windows, Mac, Linux, and Chrome Frame," Dharani Govindan from the Google Chrome team announced.

"Updated V8 3.5.10.7; Print preview issues with self-closing popups have been fixed; Fixed many known stability issues," he listed the fixes in the latest build.

For Chromebook owners, the latest update brings several stability and functionality fixes as well as a refreshed login screen.

Unfortunately, Google Chrome 15.0.874.12 also comes with a known issue for Chromebook users: there is a rendering glitch in Gmail when scrolling down on long email conversation threads.

Google Chrome 15 comes with the usual performance improvements and tweaks. On the UI front, there's not much new, but it introduces the revamped new tab page as well as a new way of managing bookmarks.

It shouldn't be long now before Google Chrome 15 is pushed to the beta channel for desktop and Chromebook users alike. Google Chrome 16, which is already underway, will enter the dev channel at that point.

At the same time, Google Chrome 14 should be going stable any time now, replacing the current Chrome 13. It won't be until Chrome 14 is launched in the stable channel that a new beta will arrive, so expect a major stable update very soon now.

Norton Puts a Stop to the Worries Caused by Multiple Licenses
Norton is preparing to launch a completely personalized service that will allow customers to choose a combination of the services they want to use to protect their different devices.

Norton One will be available in the first half of 2012 and it will work on a wide range of appliances and platforms, from mobile phones to PCs and even Apple products.

The marketing strategy used by Symantec for this product is driven by the hassle people go through to secure the large variety of devices that need real-time protection against ever present threats mainly coming from the internet.

Market studies have apparently revealed that regular consumers in the United States own, on average, more than 4 devices.

The company realized that each of these needs a different security application and because they commercialize most types of these solutions they decided to unite all of them into a single interface.

The membership-based offering will present advantages like a single membership to cover all the apparatus in a household. Furthermore, each technology and each support option will be hand picked by the client based on his necessities.

Nearly seven months after Intel shelled out $7.68 billion for antivirus vendor McAfee, the two companies are offering a glimpse of their future.

At the Intel Developer Forum in San Francisco Tuesday, McAfee will provide an early look at its new effort to build security protections outside of the OS, using Intel's chip-level hooks that allow McAfee's Endpoint Protection Software to get a better look at malicious software such as rootkits.

Called DeepSafe, the software is something new for the antivirus industry, said Candace Worley, senior vice president and general manager of McAfee Endpoint Security. "This level of technology has never existed before," she said. "It's brand new; it's been jointly developed between the two companies."

DeepSafe is McAfee's answer to advanced hacking technologies, such as rootkits, that seem to be getting better and better at slipping malicious software onto PCs unnoticed.

The malware, Trojan.Agent.ARVP, is currently targeting users in Russia but could easily be translated.

By eSecurityPlanet Staff
BitDefender researchers are warning of new ransomware that locks down victims' computers, stating that child pornography was found on them, and demands a $17 fee to restore access.

"The trojan, Trojan.Agent.ARVP, is currently targeting users in Russia, but a quick translation could change that, according to the report," writes Threatpost's Brian Donohue. "The malware is spreading through malicious links on social networking sites right now."

"Users have 12 hours to pony up the $17, before the scammers forward the (likely non-existent) child-porn to local authorities," Donohue writes. "The threat goes on to claim that if the fine remains unpaid, users’ data will be deleted, operating system uninstalled, and BIOS erased."

"Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20," writes Threatpost's Dennis Fisher. "The vulnerability is an old one that recently resurfaced after a researcher published an advisory on a modified version of the bug and also released a tool capable of exploiting the vulnerability."

"Apache 2.2.21 also includes a fix for a second vulnerability, CVE-2011-3348, which is a separate denial-of-service flaw," Fisher writes.

Go to "Apache Releases Version 2.2.21 With New Fix For Range Header Flaw" to read the details.

File under Build rumours
By Lucian Constantin
Thu Sep 15 2011, 13:58
REPORTS COMING IN from Microsoft's BUILD conference showcasing Windows 8 to software developers this week claim that the upcoming operating system will bundle in an antivirus feature.
According to ZDNet, the Redmond software giant plans to implement anti-malware functions of its Microsoft Security Essential (MSE) product into Windows Defender, the anti-spyware component that has been enabled by default in Windows ever since Vista.
Microsoft has not yet confirmed this rumour, but if it's true the decision will cause a lot of controversy and probably lead to fresh antitrust allegations against Microsoft, as happened with Internet Explorer and Windows Media Player.
From a consumer's perspective, the move could have both good and bad consequences. Security experts agree that any antivirus protection is better than none.
"Anything which encourages Joe User to run up-to-date anti-virus software has to be a positive thing. There are too many poorly protected home computers out there, which have been commandeered into botnets," said Graham Cluley, a senior technology consultant at antivirus vendor Sophos.

TDSS rootkit gets a Bitcoin update
By Lucian Constantin
Thu Sep 15 2011, 15:46
SECURITY RESEARCHERS at Russian antivirus vendor Kaspersky Lab warn that TDSS, one of the most dangerous and widespread family of rootkits, recently received an update that forces infected computers to mine Bitcoins.
TDSS rootkits have consistently grown in sophistication since first appearing in 2008. The latest version known as TDL4 installs itself in the master boot record (MBR) and is capable of infecting all Windows versions, including 64-bit Windows Vista and Windows 7, which require signed device drivers.
TDL4 is notoriously hard to remove or even detect, which led security researchers at Kaspersky to describe its botnet as indestructible in the past.
The vendor's malware experts have recently analyzed a TDSS sample collected from a computer that was constantly exhibiting 100 per cent CPU utilisation. It turns out that the variant had been configured to execute a component called conhost.exe with special parameters.
Further investigation revealed that conhost.exe was a copy of the Ufasoft GPU Bitcoin miner application. Bitcoin is a popular peer-to-peer virtual currency that can be exchanged by users over the Internet without the need of an intermediary bank or payment processing service.
This Bitcoin mining scheme exhibits the same sophistication one would expect from the TDSS gang. It uses a mining pool proxy and encrypted credentials, making it impossible for security researchers to determine how many Bitcoins were mined by the botnet and what accounts received them.

It would seem that the New York State Police is sending traffic tickets to those who were caught speeding via email. If you open the attachment, you might not have to pay the ticket, but you'll sure have to thoroughly disinfect your computer.

According to a screenshot of the email provided by Bkis Blog, the “Uniform Traffic Ticket” comes from the address no-reply@nyc.gov, which would probably fool a lot of people.

Apparently, the message comes from the Department of Motor Vehicles and it informs the unsuspecting victim that he was caught speeding in New York city at a certain time and he is charged with committing the violation “speed over 55 zone.”

The receiver is requested to print out the attached ticket and send it out to the town court of Chatam at a provided PO BOX.

Attached to the email is an archive that contains what seems to be a .pfd file. This file is actually a Trojan which connects to a number of addresses and downloads a few other malicious elements.

The Trojan was identified as being W32.FakeHddRepair.Trojan which constantly displays hardware error messages.

Later it turns out to be a piece of scareware that starts a fake hardware scanner which informs the user of hard drive errors and claims that, in order to resolve these issues, the application needs to be activated. Of course, the activation comes at a price that the victim has to pay if he wants to get rid of all the pesky alerts.

An up-to-date anti-virus solution should be enough to prevent the virus from acting up, but of course, if you don't want to get infected in the first place, you should control your curiosity in these situations. As mentioned many times before, state officials will never send important things over email and banks will never ask for credit card information.

ICO raps Child Exploitation and Online Protection Centre for unsecured web site
The Child Exploitation and Online Protection Centre (CEOP) has agreed to make changes to its web site to ensure that data sent to the organisation is always encrypted, the Information Commissioner's Office (ICO) has revealed.
Problems with the web site of CEOP, a division of the Serious Organised Crime Agency (Soca), first came to light in April when the ICO received a complaint that information sent via an online form could be intercepted during transmission.

CEOP chief executive Peter Davies and Soca director general Trevor Pearce have now signed an undertaking to ensure that the CEOP site is regularly tested for weaknesses relating to the processing of personal data.

Microsoft nixes plug-ins, including Flash, from IE10 Metro
One skin of Internet Explorer to be bundled with Windows 8 will support plug-ins like Flash, another will not

By Gregg Keizer | Computerworld

Microsoft will not support browser plug-ins, including Adobe's Flash, in one of the two versions of IE (Internet Explorer) to be bundled with Windows 8, a company executive said today.

As he explained Microsoft's reasoning, Dean Hachamovitch, the executive who leads the IE team, used some deja vu, echoing motives cited by Apple's then-CEO Steve Jobs more than a year ago.

IE10, the edition included with the Windows 8 developer preview that Microsoft launched earlier this week, will come in two flavors. One will run in the Metro interface, the tile-based look borrowed from Windows Phone 7, while the other will run on the more traditional desktop, also available to Windows 8 users.

Microsoft called the former "Metro style IE."

That's the one that will be "plug-in free," Hachamovitch said in a Thursday blog.

"The Metro style browser in Windows 8 is as HTML5-only as possible, and plug-in free," said Hachamovitch. "The experience that plug-ins provide today is not a good match with Metro style browsing and the modern HTML5 Web."

Both versions of IE10 on Windows 8 will use the same rendering engine, added Hachamovitch in a separate blog entry published Wednesday.

The Dev channel has been updated to 15.0.874.15 for Windows, Mac, Linux, and Chrome Frame.
Updated V8 3.5.10.9
JavaScript fullscreen API now enabled by default.
Bug fixes and visual improvements for the New Tab Page.
Fixed many known stability issues.
Known Issue: Linux-only: Chrome crashes with Ctrl+P. [Issue: 96734]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

The General Inspectorate of Romanian Police and the Business Software Alliance have agreed on a protocol that will regulate the cooperation methods between the organizations in the attempt to prevent and combat software piracy.

The new partnership, valid for a period of two years, implies the deployment of joint projects, campaigns and informational activities meant to raise the awareness of consumers and companies on the risks involved in copyright infringement.

The first common action is represented by the campaign called “Software without license is a luxury you can't afford!”, which aims at informing the general public about legal matters and consequences that might result from the use of bootlegged applications.

A large number of companies will receive detailed information in the following weeks on every aspect related to piracy and digital rights. Also, a special phone line and websites will be made available to those who want to know more on the matter.

Q I have a USB memory key but the device offers no indication of its capacity. Is there any way of finding out how much storage it has?
Brian Hillier
A Right-clicking the memory key’s icon in Windows Explorer and choosing Properties from the menu that appears will open a dialogue box that shows the drive’s capacity.
However, it’s worth knowing that some unscrupulous vendors fake the apparent capacity in the memory key’s circuitry in order to fool buyers. If you want to be certain of the device’s capacity, use a free tool called H2testw. (The site is in German, but the download link is obvious enough.)
The memory key will need to be formatted first (so anything stored on it should be backed up first), then launch the program, select the drive and click the Write + Verify button to test its capacity.
Depending on the drive’s actual capacity, this may take some time – but it will report the genuine size of the drive and also detect any errors that may affect how much data it can store.

The U.S. Government's National Vulnerability Database has assigned a CVSS (Common Vulnerability Scoring System) rating of 7.8, "indicating a complete Operating System denial of service," Oracle said.

But Oracle took issue with that assessment in its security alert.

"A complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System," it stated.

In any event, the bug is serious enough for Oracle to issue the patch outside of its usual large quarterly updates, the next of which is scheduled for Oct. 18.

SpyEye Trojan stole $3.2 million from U.S. victims
The amounts stolen and the number of large organizations potentially impacted is cause for serious concern, says Trend Micro

By John E Dunn | Techworld

A Russian cybergang headed by a mysterious ringleader called 'Soldier' were able to steal $3.2 million from U.S. citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported.

Over a six month period from January 2011, Trend found that the Soldier gang had been able to compromise a cross-section of U.S. business, including banks, airports, research institutions, and even the U.S. military and Government, as well as ordinary citizens.

A total of 25,394 systems were infected between 19 April and 29 June alone, 57 percent of which were Windows XP systems with even Windows 7 registering 4,500 victim systems.

Bing and Yahoo Advertise Malware
Search engines should improve their advertisement techniques as it seems that malware spreading websites might appear to users who were looking to download things like Skype, Firefox or Adobe Player.

The GFI Labs blog revealed their discovery after noticing that something was fishy after the websites behind the links appeared to be a bit off.

While hiding behind what seemed to be genuine link belonging to Yahoo and other known portals, the connections led to rogue sites that kept redirecting the user.

It seems as all the malicious links reroute to a domain called “en-softonic.net”, which is packed with malware just waiting to be downloaded by unsuspecting people.

For instance, the Firefox install kit actually releases a rootkit that runs Internet Explorer in the background and performs automated clicks on advertisements. The discovered Win32.Malware!Drop also makes redirects to malicious websites when Google is used to seek something.

Yahoo and Microsoft were alerted on the issue and promised to take care of it.

By Gregg Keizer
September 16,
Computerworld - Google today patched 32 vulnerabilities in Chrome, paying more than $14,000 in bug bounties as it also upgraded the stable edition of the browser to version 14.

The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.

Google last upgraded Chrome's stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.

Fifteen of the 32 vulnerabilities were rated "high," the second-most-serious ranking in Google's four-step scoring system, while 10 were pegged "medium" and the remaining seven were marked "low."
None of the flaws were ranked "critical," the category usually reserved for bugs that may allow an attacker to escape Chrome's anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.
More at :-http://www.computerworld.com/s/article/9220094/Goo...

Google Alerts Spread ZeroAccess Trojans
Google Alerts members who want to be informed about Trojans get a lot more than they bargained for, as they receive links with real threats just waiting to be accessed by unsuspecting victims.

John Barrett from CleanBytes set up his Google Alerts account to send him updates on anything related to Trojans and yesterday he received a link that apparently came from WCBI.

After clicking on it, he was directed to a place that resembled a Megaupload site. The page is actually a fake and if the download button is pressed, an odd looking file called 2_setup.exe, that's supposed to contain a Trojan anti-virus, is offered.

Upon submission to VirusTotal, the results revealed that a ZeroAccess Trojan was masqueraded as the “innocent” looking file.

A recent study made by AVG and the research agency The Future Laboratory revealed that cybercrime will soon be at an all-time high, not because of inefficient software that cannot keep systems protected, but as a result of the human element involved, codenamed wetware.

The report shows that malware is getting more complex and more difficult to detect, while internet users become less active when it comes to protecting their virtual belongings and machines.

A mammoth army of infected computers is being assembled, but it's unclear yet what purpose they will be put to.

Wave after wave of malicious e-mail attachments has been sent out since August, and with average success rates for such mailings, millions of machines could be compromised, says Internet security firm Commtouch.

BACKGROUND: Brace for email-attachment malware spree

Once infected, the computers can be loaded with additional malware that can perform a range of activities, including spamming, participating in DDoS attacks, stealing bank credentials and compromising e-mail and social-network accounts, according to an upcoming Commtouch blog post. (See also "How to Avoid Malware.")

But what this botnet will do remains a mystery. "The purpose of this vast computing force is still not clear," the blog says.

Japan's biggest defence contractor, Mitsubishi Heavy Industries, has become the victim of a malware-based hack attack.

The firm said that the attack resulted in the infection of 10 of its sites across Japan, including its submarine manufacturing plant in Kobe and a facility in Nagoya which makes engine parts for missiles. In total 45 network servers and 38 PCs became infected with eight strains of malware, including Trojan horse programs, the Daily Yomiuri reports.

News of the security breaches emerged over the weekend. Mitsubishi said the circumstances of the intrusions – first detected in mid-August – are under investigation, with a report due by the end of the month. In the meantime the firm is playing down suggestions that the malware may have been used to successfully extract industrial secrets via compromised systems.

Windows 8 to get important security tweaks
'Secured boot' will be the biggest new protection; most of the rest are enhancements from what appeared in Windows 7 and earlier
By John E Dunn | Techworld

Windows 8 will ship with a number of small but important security tweaks Microsoft hopes will make it a harder target for the viruses, worms, and Trojans that were able to subvert older versions of the operating system.

Most of the security features mentioned by Windows president Steven Sinofsky at last week's Build conference extend design features that appeared in Vista and Windows 7 and have gradually been added through updates.

A new attempt made by hackers to scare people relies on using Skype voice calls to alert random members that their computer is unprotected.

After each article about spammers and fake anti-virus, I think “This is probably it! They've used up all their techniques and probably nothing new will take us by surprise.”

It is clear that I am wrong. This time, Skype automated calls are made to random customers. They are alerted that their devices are unprotected and in order to solve the issue they should visit a certain website mentioned in the audio recording.

Beware of BEAST decrypting secret PayPal cookies
By Dan Goodin in San Francisco
Posted in ID, 19th September 2011 21:10 GMT
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

At the Ekoparty security conference in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security, which prevents certain pages from loading unless they're protected by SSL.

Secrecy caused as much trouble as getting hacked
By John Leyden
Posted in Enterprise Security, 20th September 2011 14:29 GMT

Disgraced digital certificate firm DigiNotar has filed for bankruptcy in The Netherlands.

Hackers broke into DigiNotar's systems in June before creating forged digital certificates in the names of Google and other high-profile targets. The forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, according to a subsequent analysis of authentication lookup logs on DigiNotar's systems. Comodohacker, the boastful Iranian black hat who had claimed credit for an earlier attack on digital certificate firm Comodo, also claimed credit for the DigiNotar hack.

By Gregg Keizer
Computerworld - Microsoft re-released an update today for Windows XP to correct a snafu that left users vulnerable to potential "man-in-the-middle" attacks for most of last week.

Monday's update addressed a gaffe introduced last week when Microsoft blocked six additional root certificates issued by DigiNotar that were cross-signed by a pair of other certificate authorities (CAs).

September 20th, 2011, 18:21 GMT · By Lucian Parfeni
Firefox 7 Is Coming in a Week, Here's What You Need to Know

Firefox 7 should be coming in seven days. Mozilla is pushing a new version of the popular browser once every six weeks now, so the last couple of releases haven't really been that impressive.

But Firefox 7 is gearing up to be the biggest update since Firefox 4, with a number of performance improvements, some UI tweaks and support for newer technologies.

Significant memory usage improvements

The headliner in Firefox 7 is the memory usage improvement. Mozilla started the MemShrink effort to optimize memory usage in Firefox, which had again become a problem after the release of Firefox 4.

The team around the project has been squashing bugs and working on new ways of improving memory use and plugging leaks. It's an ongoing effort, but already, Firefox comes with some significant improvements.

Your mileage may vary, but improvements in memory consumption can be as much as 20 percent, 30 percent and even 50 percent in more extreme cases.

As a result, Firefox 7 will be the slimmest Firefox ever, quite an achievement, especially with websites and web apps becoming more powerful and more hungry for resources.

Firefox 7 drops the 'http' and the trailing slash from the address box

Microsoft has re-released an update for Windows XP SP3 and Windows Server 2003 designed to revoke the trust of all DigiNotar root certificates.

It appears that there were a range of issues with the original KB 2616676, which placed only certain DigiNotar certificates in the Microsoft Untrusted Certificate Store, while still leaving users exposed to potential attacks leveraging others.

This is why the Redmond company is now providing a brand new KB 2616676 update, designed to resolve the problems with the initial release. The software company stresses that the refresh only impacts XP and Windows Server 2003.

“Customers who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of the KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712.”

EFF builds system to warn of certificate breaches
With its distributed SSL Observatory, the Electronic Frontier Foundation hopes to detect compromised certificate authorities and warn users about attacks

By Robert Lemos | InfoWorld

The detection of rogue certificates has generally relied on luck. In the case of DigiNotar, intruders had control of systems for more than two months, and Google discovered the issue only because its Chrome browser includes hard-coded copies of its certificates and a user reported an attack. The Electronic Frontier Foundation, a digital rights group, aims to change all that with a new detection system.

The EFF, along with developers at the Tor Project and consulting firm iSec Partners, has updated its existing HTTPS Everywhere program with the ability to anonymously report every certificate encountered. The group will analyze the data so that it can detect any rogue certificates -- and by extension, compromised authorities -- its users encounter, says Peter Eckersley, technology projects director for the EFF.

"Even if there is an attack that, say, only happens in Syria, if someone in Syria has turned on the [feature] we'll get a copy of the certificate that has been used to attack them and we can study that," Eckersley says. "We will also be able to send back a warning to them, if we have been able to work out that it is an attack."

Goes from video to video games
By Lawrence Latif
Wed Sep 21 2011, 12:00
SOFTWARE DEVELOPER Adobe has announced that it will launch Flash Player 11 and Air 3 in October, at roughly the same time as Apple's Iphone 5 is expected to tip up.
Adobe's proprietary Flash Player and Air have been viewed as systems that are on the way out thanks to HTML5. However Adobe has forged ahead using Air as a way of getting pseudo-Flash applications on Apple's IOS devices, and with Flash Player 11 it touts improved hardware accelerated graphics.
Adobe Flash Player 11's and Air 3's hardware acceleration engine, called Stage 3D, is being touted by the firm as having 1,000 times faster rendering than Flash Player 10. This has led the firm to claim that Flash programmers can now create console quality games with the ability to animate millions of on-screen objects.
To show off, Adobe has some pretty impressive Flash 11 demonstrations, but of wider interest will be the fact that Flash Player 11 will natively support 64-bit browsers in Linux, Mac OS X and Windows. Until now 64-bit support was very limited, with the firm itself saying, "Flash Player [10] does not run in most 64-bit browsers."

Firm confesses to a feckless fumble
By Dave Neal
Wed Sep 21 2011, 15:55
SOFTWARE HOUSE Microsoft has revisited the outage that affected its Live services earlier this month and explained that it was a Domain Name Service (DNS) issue that left users locked out.
The outage that happened on 8 September saw users unable to access glorious Microsoft services like Hotmail and Skydrive. Although it was doubtless annoying for users, no data was lost and the problems were in fact just down to a software update and a corrupted DNS file.
"A tool that helps balance network traffic was being updated and the update did not work correctly. As a result, configuration settings were corrupted, which caused a service disruption," wrote Arthur de Haan, VP of Windows Live Test and Service Engineering. "We determined the cause to be a corrupted file in Microsoft's DNS service."

Following hacks on a Japanese weapons manufacturer, can we start talking about cyber war with confidence?
By Tom Brewster, 21 Sep 2011 at 12:16

ANALYSIS Say the words ‘cyber war’ when referring to online attacks and you will find yourself on the wrong end of a tongue lashing when amongst certain security professionals.

Why? Because it’s difficult to ascertain whether any cyber strikes have been an act of war. There is simply no guarantee that anyone is correct when saying a hack was carried out by a nation state, largely because of a lack of corporeal proof.

We are going to see a new revolution, focusing on information operations and cyber warfare.
Yet there is a general acceptance that nation vs. nation hacking is a reality. The problem lies in the lack of 100 per cent certifiable proof.

This week saw another significant moment in the history of cyber warfare. Mitsubishi Heavy Industries (MHI), one of Japan’s major weapons suppliers, admitted 45 of its servers and 38 computer terminals were infected.

20-line patch targets plaintext recovery exploit
By Dan Goodin in San Francisco
Posted in Security, 21st September 2011 17:36 GMT
Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.

The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, proof-of-concept code that its creators say exploits a serious weakness in the SSL protocol that millions of websites use to encrypt sensitive data. Researchers Juliano Rizzo and Thai Duong said they've been working with browser makers on a fix since May, and public discussions on the Chromium.org website show Chrome developers proposing changes as early as late June.

Microsoft issued a statement to notify people that one of their Gold partners has been blacklisted after making scam calls to people, alerting them of fake virus infections.

India-based computer support service Comantra has been supposedly making phone calls to individuals in the U.S., U.K and Australia, posing as Microsoft personnel in the attempt to dupe computer users into believing that their machines were malfunctioning. They'd then offer to fix the issue in exchange for certain amounts of money.

According to PC Pro, the ill-intended calls were made since 2009 and even if the Redmond company was previously warned about the whole operation, no action was taken up until now.

People have been receiving emails containing lawsuit threats from nonexistent companies which claim that their email addresses are being bombarded with unsolicited messages.

Subjects such as We will be impelled to sue you, We are going to sue you, You are sending add messages or A message from our security service were discovered by Mxlabs experts who claim that this is actually a Trojan spreading campaign launched toward unsuspecting internauts.

The email seems to come from ICI Investment <spam@ici.org> which threatens the recipient that they will file a complaint because allegedly “Your email is sending spam messages!”

“We’ve attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages,” warn the angry company representatives.

The zip attachment that should contain the document actually contains a 45k executable file that was detected as being a Trojan.Downloader.JOPJ.

This particular virus makes a copy of itself in the StartUp folder of the system, thus making sure it is run every time the computer is restarted. Like many Trojans, it connects to external URLs in the attempt of downloading other malicious files.

Critical vulnerabilities identified in the 10.3.183.7 version of Flash Player and in the 10.3.186.6 of the one designed for Android made it necessary for Adobe to release new variants for each, to cover the weak links that might allow attackers to penetrate your device's protection.

The early versions were exploited by hackers and utilized to trick people into clicking on malicious links sent in email messages.

The developer recommends that anyone who has one of the previous versions update to the current Flash Player 10.3.183.10, respectively 10.3.186.7 on Android machines.

Adobe Flash Player 10.3.183.7 Windows, Mac, Linux and Solaris clients can upgrade to the latest release from within the product using the auto-update feature or from here, while Android fans can get the new application from Android Market.

Because the fresh security modifications resolve a universal cross-site scripting problem that could be utilized to perform actions on behalf of the user on any website or webmail provider if a malicious website is visited, it is imperative that everyone makes the upgrade as soon as possible.

After Symantec recently prepared the release of a single-license security solution for multiple devices, now it's Kaspersky's turn to come up with something similar. Because the competition is tight, the latter planned the launch for October.

Cloud-based and multi-device services seem to be the new craze among security solutions providers who are in a permanent battle to bring innovation to the market. And because originality has gone down the drain, the Kaspersky product will also be called One, just like Norton's.

Kaspersky ONE is a universal solution that should offer comprehensive protection to all the apparatus owned by an individual, taking away the concerns and difficulties created by multiple licenses.

ONE will be available in the United States, United Kingdom and Ireland starting with October 17, 2011 and it can be purchased in combinations for three, five or ten computing machines.

Fears over the security credentials of SSL rise after researchers claim to have found a way to exploit a long-known vulnerability.
By Tom Brewster, 22 Sep 2011 at 16:18

Researchers have found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could undermine the security credentials of the SSL cryptographic protocol and affect millions of sites.

The attack methodology, due to be presented by Juliano Rizzo and Thai Duong at the Ekoparty conference this week, targets TLS version 1.0 and SSL 3.0.

As millions use those protocols to protect certain web transactions, millions of sites could be affected. Major companies, including PayPal and Google, use TLS version 1.0.

Fixing the vulnerability that BEAST exploits may require a major change to the protocol itself.
Rizzo and Duong have created a tool called BEAST (Browser Exploit Against SSL/TLS) to attack the AES encryption algorithm used in TLS and SSL.

Agree to act, just not how
By Andrew Orlowski
Posted in Law, 22nd September 2011 14:22 GMT
Exclusive Leading UK ISPs are now privately agreed on the principle of restricting access to websites in response to hastily obtained court orders, according to sources close to discussions that took place in Westminster this week. The shift follows the landmark Newzbin2 ruling in July, which affirmed the responsibility ISPs have to enforce copyright laws.

However, the structure and processes acceptable to both ISPs and creative industries have yet to be tabled, and significant concerns remain in the Internet industry over legal issues and costs.

The Chrome team is happy to announce the arrival of Chrome 15.0.874.24 to the Beta channel for Windows, Mac, and Chrome Frame and 15.0.874.21 for Linux.

Chrome 15 contains some really great improvements including:
A brand new New Tab Page
Javascript Fullscreen API is now enabled by default
Chrome Web Store items can now be installed inline by their verified site (more information for developers can be found here.)
Omnibox History is now an additional sync data type
More on what's new at the Official Chrome Blog.

You can find full details about the changes that are in Chrome 15 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

But it doesn't really matter because IPv6 is coming anyway so you might as well get prepared.

By Elizabeth Harrin | September 22, 2011

IPv6 is the next-generational internet protocol, designed to give us more IP addresses. Back in the day when no one dreamed that toasters would one day be connected to the Internet, the idea that the number of IP addresses in the world would run out was silly. Today, the growing number of connected devices means we need more IP addresses, and IPv6 is the way to achieve that. Unfortunately for network administrators, it's a new technology stack that hasn't yet been fully scrutinized by security experts.

By eSecurityPlanet Staff | September 22, 2011
According to G Data Software researchers, a new botnet builder called Aldi Bot is now available online for as little as $8.

"The bot’s initial application was to carry out distributed denial of service (DDoS) attacks, use its victim’s PC as a proxy, steal passwords from Mozilla’s Firefox browser and carry out the remote execution of any file," writes Threatpost's Christopher Brook.

The Dev channel has been updated to 16.0.889.0 for Windows, Mac and Chrome Frame. Due to a known bug, Linux isn't updated.
Updated V8 - 3.6.4.0
FTP: fixed compatibility with servers which send 451 response for CWD command. (Issue 96401)
Windows and Mac: Enabled multi-users (multi-profiles) by default.
Fixed many known stability issues.
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

In a very short time the SSL BEAST research will be revealed and web browser vendors will have to come up with ingenious ways of protecting their products not to lose the admiration of their fans.

The easiest way to fix the problem would be to upgrade to the newer versions of the security protocols implemented so far. For instance, TLS 1.1 and 1.2 are insusceptible to the attack but the problem is that most websites don't support these types of encryption protocols.

As mentioned in a previous article, Opera has already successfully incorporated the improved protocols and they're activated by default. However, if internauts are experiencing problems, they can disable the advanced encryption, leaving the browser vulnerable in front of attacks.

As Opera researchers discovered, this upgrade process is a double-bladed sword. Even though TLS 1.1 and TLS 1.2 are relatively old, they have not been enforced by website builders. On the other hand, website builders have not implemented the new encryption because they fear that if their customer's web application is incompatible, they'll lose a large part of their business.

Internet Explorer 9 has the ability to protect users against SSL attacks but only if they activate the later versions manually. The downside is that if the accessed webpages don't support these variants, the site's visitors will not be able to properly access the content.

According to the Threat Post, Google officials are patching up Chrome as we speak, their only fear being that they might have to make a forced release of the product that might be caused by hacking activities.

Mozilla's Firefox is by far the last. Their products only support SSL 3.0 and TLS 1.0 which are highly vulnerable to the BEAST's attack.

Malware that sticks to a web browser is no news to anyone, but now, a new threat has been discovered that after infecting Internet Explorer, it drops a piece of spyware onto your Firefox.

With the aid of Bitdefender, MalwareCity identified the virus as being Trojan.Tracur.C. When Internet Explorer users decide to update their Flash Player, the rogue plug-in that compromises the browser also infects Mozilla Firefox by snapping a malicious add-on to it.

Trojan.JS.Redirector.KY monitors all the webpages loaded in Mozilla's browser. Once the unsuspecting internaut types the URL address of a search engine, such as Yahoo, Bing or Google, a piece of JavaScript code gets injected into the resulting pages, making sure that the first link points to a malware containing location.

Microsoft is in the process of migrating hundreds of millions of Windows Live Hotmail users and their accounts to a new storage system delivering better performance, enhanced reliability, superior disaster recovery capabilities and more scalability than before.

Kristof Roomp, an architect in the Hotmail team explains that the Redmond company is implementing some changes to the infrastructure that powers Hotmail. Essentially, while the software giant’s technologies, such as Windows Server and SQL Server continue to be at the backbone of the email service, the new storage system no longer uses RAID (Redundant Array of Inexpensive Disks) hard drives.

This is only part of the evolution story of the new Hotmail storage system. Microsoft is also starting to implement newer SSDs, or Solid State Drives, in addition to the older HDDs.

The rollout has already received green light after the company tested the Hotmail upgrade on a cluster that housed the accounts of Microsoft volunteers.

Experts suggest SSL changes to keep BEAST at bay
Google protected. PayPal? Not so much
By Dan Goodin in San Francisco
Posted in Security, 23rd September 2011 21:15 GMT

With just a few hours until researchers unveiled an attack they say decrypts sensitive web traffic protected by the ubiquitous secure sockets layer protocol, cryptographers described a simple way website operators can insulate themselves against the exploit.

The recommendations published Friday by two-factor authentication service PhoneFactor, suggest websites use the RC4 cipher to encrypt SSL traffic instead of newer, and ironically cryptographically stronger, algorithms such as AES and DES. Google webservers are already configured to favor RC4, according to this analysis tool from security firm Qualys. A Google spokesman says the company has used those settings "for years."

In stark contrast, eBay's PayPal payment service favors AES, making the site at least theoretically vulnerable to BEAST, the attack tool scheduled to be demonstrated Friday evening at the Ekoparty security conference in Buenos Aires. Short for Browser Exploit Against SSL/TLS, its creators say it targets a long-documented vulnerability in some encryption algorithms that cryptographers previously believed wasn't practical to exploit.

The Homeland Security Department and the National Institute of Standards and Technology have filed a note in which they propose the implementation of a voluntary corporate notification system that would alert consumers whenever a botnet or other malware infection is discovered.

Currently, both companies and individuals suffer a great deal because of malware plagues that take over their devices and use them to launch attacks on others.

Legal authorities in the United States have come up with a plan in which ISPs and other organizations that could pitch in would share information about threats, alerting consumers when they notice their devices are taken over by malevolent forces.

Mozilla proposes 5X slower Firefox release tempo for enterprises
ESR channel would ship a new version every 30 weeks, support with interim security updates

By Gregg Keizer

Computerworld - Mozilla has proposed a significantly slower Firefox release pace for enterprises, the result of a corporate backlash earlier this year against an accelerated scheme that ships a new edition of the browser every six weeks.

If the proposal is adopted, Mozilla will deliver a new version of Firefox to enterprises every 30 weeks, five times slower than to consumers. During each 30-week stretch, Mozilla would issue only security updates for the browser. In addition, each enterprise edition would be supported for an additional 12 weeks after the release of its successor, assuring companies 42 weeks of support for each version.

Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.

A version of the Alureon Trojan was discovered hiding command and control backup locations in regular jpeg files. The images were posted on random domains so in case the virus couldn't contact the primary servers, it would make use of these encrypted addresses.

Microsoft researchers came across this form of the malware after a period of monitoring in which they've determined exactly the way the new Alureon does its job.

Win32/Alureon is part of the data-stealing family of trojans. Its multiple functionality allows its master to intercept private data, send destructive commands to the infected device, leaving behind a trail of damaged DNS settings. Keyboard and other drivers might malfunction after an attack from this specific malware.

A closer investigation revealed that the new variant downloads an extra component file called com32 and after it was decrypted, its true purpose was discovered.

The new element actually tries to communicate with a number of image files hosted on a few blogs. The images contain a string of data that is interpreted by com32, allowing Alureon to obtain a list of C&C servers which it would seek to retrieve in the event that the primary hosts might become unavailable.

This technique of embedding a hidden code inside a message is called steganography and it seems hackers are using it more often to strengthen their malicious programs.

According to the TechNet blog, the configuration files are masqueraded as pictures representing an old woman, a young man and a bowl of Chinese herbs and they're posted on Livejournal and Wordpress sites.

The threat is detected by most anti-virus applications so in order to protect your device and your data, make sure you have an up-to-date virus definition database and a properly configured firewall. Also beware of suspicious email messages as in many cases they're the ones responsible for spreading these infections.

SEPTEMBER 26, 2011
Red alert: HTTPS has been hacked
Last week a tool was revealed that exploits a flaw in SSL and TLS. Will the industry respond fast enough?

By Roger A. Grimes | InfoWorld

Only a handful of exploits per decade reveal a vulnerability that is truly significant. Thai Duong and Juliano Rizzo's BEAST (Browser Exploit Against SSL/TLS) attack will rank among them because it compromises the SSL (Secure Socket Layer) and TLS (Transport Layer Security) browser connections hundreds of millions of people rely on every day.

BEAST cannot break the latest version of TLS -- the current standard based on SSL -- but most browsers and nearly all websites that support secure connections rely on earlier versions of the SSL and TLS protocols, which are vulnerable to BEAST attack. Browser vendors and websites that host secure connections are already scrambling to upgrade to TLS 1.1 or 1.2. How quickly that occurs depends on how many attacks occur in the wild.

The BEAST tool, presented last Friday at the 2011 Ekoparty Security Conference in Argentina, made real a theoretical SSL/TLS vulnerability first documented 10 years ago. It allows an attacker with previous MitM (man-in-the-middle) access to compromise a user's SSL/TLS-protected HTTPS cookie. This would allow an attacker to hijack the victim's active HTTPS-protected session or listen in on the previously cryptographically protected network stream.

MitM attacks are fairly easy to do when the attacker and victim are located on the same local network (such as wireless networks, VPNs, or corporate LANs). Some hacking tools, such as Cain & Abel, make MitM attacks and network packet sniffing truly a click of a button.

Internet users have been receiving spam emails alerting them that someone has sent them a Google Map link. In the end it turns out to be another Canadian Pharmacy scam that tries to attract unsuspecting victims into purchasing miracle medication.

Mxlabs discovered that the emails all have the same general structure as their subjects start with ‘Sent via Google Maps:’ and end with ‘A Maps link’, in between being placed a random name to make the whole thing look more realistic.

The links contained in the messages all seem to belong to different blogs, but actually, they all reroute to the same address bestrxs.com. For now the location is down, but it seems the old pharmacy trick has returned in a new form.

According to Spam Trackers, the drugstore scam began a long time ago, one of the first cybercriminals accused of launching such a fake pharmaceutical website being Igor Anatolyevich Gusev, a Russian who owned the Glavmed organization, responsible for such a fraud.

In some cases, the Canadian Pharmacy becomes European or United Pharmacy, depending on the recipient of the email or the visitor of the page.

Mortal Kombat, the recent reboot of the classic fighting franchise, has just received a pretty big update, solving a variety of issues and addressing balancing problems for almost all of the characters included in the title's roster.

The new Mortal Kombat has been a huge success, reaching impressive sales and finally delivering a successor to the gory and iconic arcade games that made the fighting series a part of gaming's most iconic franchises.

The game wasn't perfect, however, and things became increasingly problematic after the release of a variety of downloadable content for it, as the new costumes resulted in frequent 'desync' issues which prevented many players from engaging in online matches with others.

Thankfully, the development team at NetherRealm have published a massive patch over the weekend for the fighting game, addressing many issues and fixing balancing problems for almost every character included in the fighting game.

Google, Microsoft, Mozilla patch cracks in net's foundation of trust
By Dan Goodin in San Francisco
Posted in Enterprise Security, 27th September 2011 00:47 GMT
With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds.

Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, Google researcher Adam Langley signaled his growing acceptance that secure sockets layer, the decade-old cryptographic standard that protects web addresses using the https prefix, was susceptible to an attack that previously was considered impractical. The result: by tampering with an encryption algorithm's CBC – cipher block chaining – mode, hackers could secretly decrypt portions of the encrypted traffic.

“The CBC attacks were believed to be largely theoretical but, as Duong and Rizzo have pointed out today, that's no longer the case,” Langley wrote.

He went on to say that, as previously reported, developers of Google's Chrome browser are experimenting with a work-around but are not yet sure if it will create incompatibilities with various websites. He also said Google SSL is highly resistant to the attack because it favors the RC4 cipher, which doesn't use CBC.
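A defender's check built on the points in the BEAST articles above (only protocol versions before TLS 1.1 are affected, and only CBC suites, with server preference order deciding which suite is used), added here as an example that is not from any of the quoted articles. The host names, the client profile and the suite lists are constructed; suite names follow OpenSSL's naming, as reported by Python's `ssl.SSLSocket.cipher()`.

```python
import re
from dataclasses import dataclass

PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FIXED_FROM = "TLSv1.1"   # per the articles: TLS 1.1 and 1.2 are not affected


@dataclass
class Endpoint:
    name: str
    max_protocol: str
    suites: list          # preference order, OpenSSL-style suite names


def rank(protocol):
    return PROTOCOL_ORDER.index(protocol)


def cipher_mode(suite):
    """Classify a suite name as 'none', 'stream', 'aead' or 'cbc'."""
    tokens = re.split(r"[-_]", suite.upper())
    if "NULL" in tokens:
        return "none"
    if "RC4" in tokens:
        # Not CBC, hence the 2011 advice to prefer it. RFC 7465 (2015) later
        # prohibited RC4 in TLS, so report it separately rather than as "safe".
        return "stream"
    if any(t.startswith(("GCM", "CCM", "CHACHA20")) for t in tokens):
        return "aead"
    # Remaining block-cipher suites (AES128-SHA, DES-CBC3-SHA, ...) use CBC.
    return "cbc"


def negotiate(server, client):
    """Pick protocol and suite the way a server-preference handshake would."""
    protocol = min(server.max_protocol, client.max_protocol, key=rank)
    for suite in server.suites:
        if suite not in client.suites:
            continue
        if cipher_mode(suite) == "aead" and rank(protocol) < rank("TLSv1.2"):
            continue      # AEAD suites only exist from TLS 1.2 onwards
        return protocol, suite
    return protocol, None


def beast_exposed(protocol, suite):
    return (suite is not None
            and rank(protocol) < rank(FIXED_FROM)
            and cipher_mode(suite) == "cbc")


def audit(servers, client):
    """Map each server name to (protocol, suite, exposed) for this client."""
    report = {}
    for server in servers:
        protocol, suite = negotiate(server, client)
        report[server.name] = (protocol, suite, beast_exposed(protocol, suite))
    return report


# Constructed inventory: a TLS 1.0-only browser, a TLS 1.2 client, three servers.
BROWSER_2011 = Endpoint("browser", "TLSv1",
                        ["AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"])
MODERN_CLIENT = Endpoint("modern", "TLSv1.2",
                         ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"])
SERVERS = [
    Endpoint("rc4-first.example", "TLSv1", ["RC4-SHA", "AES128-SHA"]),
    Endpoint("aes-first.example", "TLSv1", ["AES256-SHA", "AES128-SHA", "RC4-SHA"]),
    Endpoint("tls12.example", "TLSv1.2",
             ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]),
]

if __name__ == "__main__":
    for client in (BROWSER_2011, MODERN_CLIENT):
        for host, row in audit(SERVERS, client).items():
            print(client.name, host, row)
```

The `tls12.example` row shows why server-side upgrades alone did not close the gap: with a TLS 1.0-only client the session still falls back to a CBC suite.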

The Dev channel has been updated to 16.0.891.0 for Windows, Mac, Linux, and Chrome Frame.
Linux: Enabled Native Client for 32-bit Linux and also addresses a performance issue for Native Client on Intel Atom CPUs. [Issue: 92964], [nativeclient: 480]
Linux: Fixed fetching proxy settings on Gnome 3 systems when glib2-dev package is not installed. [Issue: 91744]
All: Fixed many known stability issues.
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

Chrome Beta Release

The Chrome team is happy to announce the arrival of Chrome 15.0.874.24 to the Beta channel for Windows, Mac, and Chrome Frame and 15.0.874.21 for Linux.

Chrome 15 contains some really great improvements including:
A brand new New Tab Page
Javascript Fullscreen API is now enabled by default
Chrome Web Store items can now be installed inline by their verified site (more information for developers can be found here.)
Omnibox History is now an additional sync data type
More on what's new at the Official Chrome Blog.

You can find full details about the changes that are in Chrome 15 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Rash of embarrassing open-source hacks spreads
By Dan Goodin in San Francisco
Posted in Malware, 26th September 2011 19:21 GMT
Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said.

MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access restricted FTP clients, a blog post from Sucuri Security reported. The hack caused people visiting the site to be redirected to a site that attempted to install malware on visitors' computers using code from the Blackhole exploit kit, separate researchers from Armorize said.

Dutch government sets DigiNotar certificate kill date
By David Meyer
The Dutch government will on Wednesday revoke both of its certificates that had been issued by the hacked DigiNotar certificate authority.

The government said on Friday that there was no evidence the two certificates had been abused, but they were certainly compromised. DigiNotar suffered a break-in sometime before the end of August, which led to fraudulent certificates being issued. The Dutch government "denounced" its trust in DigiNotar's certificates shortly afterwards.

In some cases bogus DigiNotar certificates, which are intended to prove the authenticity of web services, have been used to launch man-in-the-middle attacks that intercept information. Microsoft, Google, Mozilla and Apple have all moved to protect their customers from the DigiNotar certificates.

Although the Dutch government does not appear to have been a victim, false certificates have been found for the intelligence services of the UK, US and Israel, as well as for online organisations such as Skype, Twitter, Facebook and the Tor project.

Download Firefox 7 Final
Firefox 7 has been wrapped up and is now available for download to end users, some six weeks after downloads of Firefox 6, its predecessor, were given the green light.

As was the case with Firefox 6, Mozilla has yet to announce the availability of Firefox 7 officially.

However, the new release of the open source browser is already up for grabs via the company’s FTP servers, even though, at the time of this article, Mozilla was continuing to offer Firefox 6 as the last stable release.

A useful extra with a Yahoo Mail account is the option to create up to 500 disposable email addresses if you want to sign up to a website without getting spam emails.
Sign in to your account and click on the Options tab. Click on Disposable Email Addresses in the left-hand column and then Add Address.
Enter a name used by all the disposable accounts; it will suggest others if the name has been taken. Click Next and then enter a word for a disposable address.
Select where messages should go, and the name that should appear. Click Save.
Arthur Davies

Computerworld - Although Mozilla will urge users to stick with Firefox's rapid release schedule, there's nothing in a current proposal to prevent them from adopting the much slower tempo meant for enterprises.

Last week, the open-source developer unveiled a plan that, if approved, will deliver a new edition of Firefox for corporations every seven-and-a-half months, five times slower than the six-week pace the company kicked off earlier this year.

Interim updates issued between the every-30-weeks release of a new edition will patch the most serious security updates, according to the plan Mozilla has labeled "Extended Support Release," or ESR.

Mozilla has not yet named the new edition, but several labels have been floated, including "Firefox ESR" and "Firefox Enterprise Edition."

The ESR proposal was Mozilla's reaction to criticism last June from enterprise IT managers, who said that the rapid release schedule forced companies to choose between running an untested browser or one with known vulnerabilities.

Users and developers cited a number of reasons why consumers might want to use the less-frequent ESR builds, including problems with add-ons unable to keep up with the six-week cadence, and a desire for fewer updates on machines they "support" for family and friends.

The every-30-weeks Firefox may also be just "good enough" for many users, one Mozilla developer argued.

"The reason I expect a lot of users to switch to these ESR builds is not because they want extensions to work or because of any one issue that we can fix in the future," said Cheng Wang on the mozilla.planning.dev discussion group last week. "It's simply because Firefox works 'good enough' right now and they don't want to have to deal with change."

There was nothing in Mozilla's proposal that indicated a technical barrier to non-business users climbing on the ESR train. But Mozilla will, at the least, discourage others from adopting the slower release schedule.

"We want to ensure it will be an explicit choice to select the ESR and we won't recommend it for individual use," said Kev Needham, Mozilla's channel manager, in an email reply to questions. "The ESR is targeted specifically at organizations who face the challenges it addresses, not individual users."

Needham, however, said that the details of the plan were "to be determined," perhaps leaving open an option that would make it difficult, if not impossible, for individuals to grab the ESR editions.

Facebook scams represent a real threat because of the fact that Like buttons and other widgets are all over webpages. The new tool will instantly alert the customer if something's fishy.

Likejacking is used by hackers to fool social media network members into sharing and spreading spam and other malicious content.

As a form of Clickjacking, it's considered to be a social engineering attack in which victims are duped into clicking malevolent hidden links contained in a page.

The new plug-in is available for three of the most commonly utilized browsers, Mozilla Firefox, Google Chrome and Apple's Safari so most Facebook enthusiasts can benefit from its purpose.

The first feature offered by the extension is the fact that it immediately informs you if Facebook widgets are present on the current web location and if they are hidden or not. Then, if the element is detected as being malicious you are warned about the threats.

Scammers pretend to be friendly office printers
A new ruse for infecting computers with malware has been spotted by researchers at Symantec

By Jeremy Kirk

IDG News Service - Hackers have found a new hook to trick people into opening malicious attachments: send emails that purport to come from office printers, many of which now have the ability to email scanned documents.

"This is a new tactic we haven't really seen before," said Paul Wood, senior intelligence analyst for Symantec.cloud, the company's Web-based security and email branch.

The emails invariably contain some kind of Trojan downloader, which can be used to download other malware or steal documents from the computer.

Symantec published examples of the emails collected recently in its latest monthly Symantec Intelligence Report, released on Tuesday. The emails at first glance look quite convincing, with a subject line "Fwd: Scan from a HP Officejet." The email reads "Attached document was scanned and sent to you using a Hewlett-Packard HP Officejet 05701J" and then "Sent by Morton."

Wood said it is common for the scammers to spoof the sender's name and make it appear the email came from the same domain as the one that belongs to the recipient. Some of the messages captured by Symantec appear to be at a cursory glance internal company email, which makes it more likely that the person who receives the message will open the attachment.
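Detection logic for the traits described in the article above (a scanner-themed subject and body, an attachment, and a sender that claims the recipient's own domain), added here as an example that is not from Symantec or the article. The messages, domains and file names are constructed, and the check assumes the receiving gateway stamps an `Authentication-Results` header carrying the SPF outcome.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Wording taken from the lure quoted in the article (subject and body text).
LURE = re.compile(r"scan(?:ned)?\b.*?\b(?:officejet|hewlett-packard)", re.I | re.S)


def domain_of(header_value):
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def spf_result(msg):
    """SPF verdict recorded by the gateway, or 'none' if it left no record."""
    match = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    return match.group(1).lower() if match else "none"


def indicators(msg):
    hits = set()
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    if LURE.search(text):
        hits.add("printer-lure")
    if any(True for _ in msg.iter_attachments()):
        hits.add("attachment")
    if domain_of(msg.get("From", "")) != domain_of(msg.get("To", "")):
        hits.add("external-sender")
    elif spf_result(msg) != "pass":
        # Claims to be internal, but the gateway could not authenticate it.
        hits.add("spoofed-internal-sender")
    return hits


def verdict(msg):
    hits = indicators(msg)
    if {"spoofed-internal-sender", "attachment"} <= hits:
        return "quarantine"
    if {"printer-lure", "attachment", "external-sender"} <= hits:
        return "review"
    return "deliver"


def build(sender, rcpt, subject, body, spf, attachment=None):
    """Assemble a constructed test message with the gateway's SPF stamp."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    msg["Authentication-Results"] = f"mx.corp.example; spf={spf}"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


LURE_BODY = ("Attached document was scanned and sent to you using a "
             "Hewlett-Packard HP Officejet 05701J\nSent by Morton")

# Constructed samples: the spoof from the article, then three controls.
SAMPLES = {
    "spoofed": build("Morton <morton@corp.example>", "alice@corp.example",
                     "Fwd: Scan from a HP Officejet", LURE_BODY, "fail", "scan.zip"),
    "real-printer": build("printer@corp.example", "alice@corp.example",
                          "Scan from a HP Officejet", "Scanned page attached.",
                          "pass", "scan.pdf"),
    "external-lure": build("scanner@other.example", "alice@corp.example",
                           "Fwd: Scan from a HP Officejet", LURE_BODY, "pass",
                           "scan.zip"),
    "newsletter": build("news@vendor.example", "alice@corp.example",
                        "September newsletter", "Hello", "pass"),
}

if __name__ == "__main__":
    for name, message in SAMPLES.items():
        print(name, verdict(message), sorted(indicators(message)))
```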

No fix for BEAST SSL/TLS attack yet
By Lucian Constantin
Wed Sep 28 2011, 14:23
OPEN SOURCE SOFTWARE HOUSE Mozilla has released updated versions of its Firefox and Thunderbird products that address critical vulnerabilities and have other security improvements.
The release of Firefox 7 is important because the new version features better memory management and is the first step in Mozilla's long term plan to make the browser more resource friendly.
Nevertheless, users who upgrade to it will also benefit from improved security as this release fixes six critical and two moderate severity security vulnerabilities.
Four of the critical patches are shared with Thunderbird 7 and address a use-after-free condition with OGG headers, an exploitable crash in the YARR regular expression library, a code installation quirk involving the Enter key and multiple memory hazards.
A moderate severity patch that provides defence against multiple Location headers caused by CRLF injection attacks is also common to both products.
In addition to these patches Firefox 7 also contains fixes for two critical and one moderate severity vulnerabilities, with one of them resulting in a potentially exploitable WebGL crash.
It's worth pointing out that Microsoft previously motivated its decision to not include support for WebGL in Internet Explorer by saying that the 3D graphics library opens a large attack surface.
So far several serious vulnerabilities have been identified and patched in WebGL, which partially supports Microsoft's assessment, but the library's supporters claim this is no different than with other technologies.
Firefox 7 also updates Websocket, a protocol disabled in the past because of security issues, to version 8, which is no longer vulnerable to known attacks.
Unfortunately, Mozilla has not yet developed a fix for a recently disclosed attack against SSL/TLS, despite having worked on the problem since June. Developers are still trying to find a resolution that will break as few websites as possible, but at this point it's not even certain that a fix will be included in Firefox 8. µ

Five products hit in 99.8% of hacks
By John Leyden
Failure to patch third-party applications has become the main reason that Windows machines get infected with malware.

Drive-by download attacks from hacker-controlled websites loaded with exploits replaced infected email attachments as the main distribution method for malware somewhere between three to five years ago. At the start of this period browser exploits were the main stock-in-trade for VXers but this has changed over time, as a study by Danish security firm CSIS and published on Tuesday illustrates.

Up to 85 per cent of all virus infections happen as the result of drive-by attacks served up via commercial exploit kits, CSIS reports. The security consultancy, which specialises in e-crime research, monitored the behaviour of 50 different exploit kits over a period of three months, analysing the causes of infection of both commercial and consumer systems.

The study discovered that 31.3 per cent of 500,000 users who were exposed to exploit toolkits were secretly force-fed malware as a result of missing security updates.

Hot and bothered over browser patches
Online Trust Alliance and a host of companies are pushing websites to notify people when they're using an outdated browser, but businesses need to do more

By Robert Lemos | InfoWorld

The browser has become the unlatched door through which attackers break in and compromise computers. The starting point for securing that portal is to ensure the browser is up-to-date, yet more than 40 percent of browsers used to visit major websites have not been updated to eliminate the latest security flaws.

In the business world, there's a complication: Often legacy browsers are required to run or connect to critical applications. How else to explain the unyielding market share of the easy-to-compromise Internet Explorer 6? Nearly 10 percent of users are browsing external websites using IE6, another 6 percent running IE 7, and 7 percent running the out-of-date Firefox 3.6, according to Web metrics site NetMarketShare.

Microsoft is preparing to release an updated version of the free Malicious Software Removal Tool designed to help identify and clean zombie computers that are part of the Kelihos / Waledac 2.0 botnet.

Richard Domingues Boscovich, Senior Attorney, Microsoft Digital Crimes Unit announced on September 27, 2011 that the Redmond company had taken down Kelihos, which it believes was operated by either the same people as those behind Waledac 1.0 or by other cybercriminals, but using large portions of the original Waledac code.

Boscovich indicates that over 41,000 zombie PCs worldwide are infected with Kelihos, which makes it a small botnet, but nonetheless, since it managed to sever the links that allowed the attackers to command the computers under their control, the software giant also debuted the cleaning process.

The Kelihos takedown was done in ‘Operation b79,’ Microsoft’s third Project MARS (Microsoft Active Response for Security) initiative, after the one focused on the original Waledac and Rustock.

“The Microsoft Malware Protection Center will add the Win/32 Kelihos family in a second release of the Malicious Software Removal Tool later today to help minimize the malware’s future impact. And, as we have since the beginning of our botnet takedown initiative, we continue to provide free tools and information to help customers clean and regain control of their computers at http://support.microsoft.com/botnets,” Boscovich said.

The Metro GUI is the most visible representation of Microsoft's coming operating system. While the release of the tentatively named Windows 8 is still a year away, the company has not been shy about putting the multicolor tiled interface front and center.

Windows 8's security improvements will be much less visible, and that's just the way Microsoft wants it. The company has added a number of protection features to Windows 8 to better protect the system, all the while making the security less intrusive by limiting the number of notifications a user may receive.

For example, the company's SmartScreen technology for detecting potentially malicious sites -- introduced with Internet Explorer 8 -- will be built right into the OS to allow any file downloaded to a Windows 8 computer to be checked out by the system, yet the protection should not alert the average user more than twice a year, Microsoft says.

More than 20 million computers are infected by Conficker, TDSS, Zeus and Koobface, according to Kaspersky Lab.

By eSecurityPlanet Staff |
According to Vitaly Kamluk of Kaspersky Lab, more than 20 million computers are infected by the four leading botnets.

"The largest botnet is Conficker, with more than 8 million infected hosts, followed by TDSS with more than 5.5 million, Zeus with more than 3.6 million, and Koobface with more than 2.9 million, according to Kamluk, chief malware expert for Kaspersky Lab’s Global Research and Analysis Team," Infosecurity reports.

"He told a web conference today that there are currently more than 53,000 botnet command-and-control servers on the Internet," the article states.

'Horrible user experience' for your own good
By Dan Goodin in San Francisco
Posted in Enterprise Security, 29th September 2011 01:02 GMT

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Short for Browser Exploit Against SSL/TLS, BEAST injects JavaScript into an SSL session to recover secret information that's transmitted repeatedly in a predictable location in the data stream. For Friday's implementation of BEAST to work, Duong and Rizzo had to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one internet domain can't be read or modified by a different address.
The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser.
Read more at :-http://www.theregister.co.uk/2011/09/29/firefox_ki...

Siber System just released earlier today an update for their online form filling software, AI RoboForm. Version 7.5.1 focused around squashing various bugs when used with Firefox.

The fixes are supposed to eliminate the appearance of mini-dialogs in wrong places, and prevent Firefox from closing when pages such as united.com are accessed; moreover, RoboForm 7.5.1 no longer supports Firefox 3 but instead embraces the latest versions of the browser, 4 to 7.

Despite these improvements as far as working under Firefox is concerned, a recent message from the company on Facebook advises you not to follow with the update and stick to the version you have.

Users’ comments to the post range from reports about the latest RoboForm crashing Firefox 7 and incorrect display of the form filler's icons to no issue at all.

Another Spam Sham
Google calendars are widely used to send memos and invites to friends and acquaintances and because these invites are fairly trusted, spammers were discovered launching social engineering maneuvers hidden within them.

A 419 scam was discovered by the Sunbeltblog masqueraded in such an invitation and for the unlucky people who receive this and use Outlook, the request is automatically accepted and a pop-up window will appear as an alert.

The message read “I Mrs. Jamilah Ali from U.S.A. I have been married to Mohd Bin Ali, an engineer from Saudi Arabia. We were officially married on October 10, 2004. At that time he was working as contract employees in a company engaged in drilling and oil pipelines, gas and fuel, based in Singapore. His lease expires in 2006. We then moved in their home country Saudi Arabia together with our daughter.”

It then explains that her husband, who had died, left a few millions in a bank account and she wants to transfer the sum to you in order to get it out of the country.

After a little digging I discovered that the scheme is not new and neither is the text, but I wanted to highlight the fact that even if something comes in the form of a Google product, that doesn't mean you have to trust it.

As we've seen lately, scam artists will take advantage of any piece of new technology or story to earn your trust.

The alarming thing is that probably thousands of these emails are sent and the fact that they keep coming is a clear indication that there are still people who give into these shams.

Moxie Marlinspike's Convergence gets show of support
By Dan Goodin in San Francisco
Posted in Enterprise Security, 30th September 2011 05:00 GMT

San Francisco-based security firm Qualys is throwing its support behind an experimental project designed to improve the security and privacy of website authentication by reducing reliance on certificate authorities that issue secure sockets layer credentials.

The Convergence project was devised by Moxie Marlinspike, a security researcher who has exposed repeated flaws in the SSL system that serves as the internet's foundation of trust. At the Qualys Security Conference in San Francisco on Thursday, the company said it was financing and running two new notary servers that Convergence users query to make sure the SSL certificate being offered by a given site is legitimate.

Most of the weaknesses Marlinspike has documented stem from the unwieldy number of organizations – about 650 by his count – authorized to cryptographically sign the certificates that PayPal, Gmail, and millions of other services use to prove their https-appended websites are authentic rather than easily forged counterfeits. With so many digital stamps, there are too many single points of trust. All it takes to subvert the system is for one of them to suffer a security breach like the one that hit Netherlands-based DigiNotar.

In stark contrast to the public key infrastructure at the heart of the SSL system, Convergence relies on a loose confederation of notaries that independently vouch for the authenticity of a given SSL certificate. Thursday's announcement by Qualys that it will run two of the servers is an important endorsement of the alternative project.
Read more at :-http://www.theregister.co.uk/2011/09/30/qualys_end...
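The notary idea described in the article above, sketched as an added example that is not Convergence's own code or wire protocol: the client compares the certificate it was handed against what independent notaries see from their own network position. The SHA-256 fingerprint, the "quorum with no dissent" policy, the host name and the certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert_der):
    """Hex digest identifying a certificate (SHA-256 is an assumption here)."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Notary:
    name: str
    view: dict = field(default_factory=dict)   # host -> cert bytes this notary sees
    online: bool = True

    def observe(self, host):
        """Fingerprint seen from this notary's vantage point, or None."""
        if not self.online or host not in self.view:
            return None
        return fingerprint(self.view[host])


@dataclass
class Decision:
    trusted: bool
    agree: list
    disagree: list
    unavailable: list


def check(host, presented_der, notaries, quorum):
    """Trust the presented certificate only if enough notaries saw the same one.

    Assumed policy: at least `quorum` notaries agree and none disagrees.
    Too few answers fails closed.
    """
    seen = fingerprint(presented_der)
    agree, disagree, unavailable = [], [], []
    for notary in notaries:
        observed = notary.observe(host)
        if observed is None:
            unavailable.append(notary.name)
        elif observed == seen:
            agree.append(notary.name)
        else:
            disagree.append(notary.name)
    trusted = len(agree) >= quorum and not disagree
    return Decision(trusted, agree, disagree, unavailable)


# Constructed stand-ins for two different certificates naming the same host.
HOST = "shop.example"
REAL_CERT = b"constructed stand-in: certificate the site really serves"
FORGED_CERT = b"constructed stand-in: CA-signed but fraudulent certificate"


def make_notaries(offline=()):
    """Three notaries that all see the real certificate; some may be offline."""
    return [Notary(name, {HOST: REAL_CERT}, online=name not in offline)
            for name in ("notary-a", "notary-b", "notary-c")]


if __name__ == "__main__":
    print(check(HOST, REAL_CERT, make_notaries(), quorum=2))
    # Interception on the client's path only: notaries still see the real one.
    print(check(HOST, FORGED_CERT, make_notaries(), quorum=2))
    print(check(HOST, REAL_CERT, make_notaries(offline=("notary-a", "notary-b")),
                quorum=2))
```

No certificate authority appears anywhere in the decision, which is the contrast with the CA model the article draws: a validly signed but fraudulent certificate is rejected because it differs from what the notaries observe.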

Chrome poised to take No. 2 browser spot from Firefox
StatCounter's data points to a December 2011 take-over by Google's browser as the second-most-popular behind Internet Explorer
By Gregg Keizer | Computerworld

Google's Chrome is on the brink of replacing Firefox as the second-most-popular browser, according to one Web statistics firm.

Data provided by StatCounter, an Irish company that tracks browser usage using the free analytics tools it offers websites, shows that Chrome will pass Firefox to take the No. 2 spot behind Microsoft's Internet Explorer (IE) no later than December.

As of Wednesday, Chrome's global average user share for September was 23.6 percent, while Firefox's stood at 26.8 percent. IE, meanwhile, was at 41.7 percent.

The climb of Chrome during 2011 has been astonishing: It has gained eight percentage points since January 2011, representing a 50 percent increase.

'Pleasepleaseplease someone come up with a solution to this!'
By Dan Goodin in San Francisco
Posted in Enterprise Security, 30th September 2011 17:24 GMT
Users of Google's Chrome browser are in an uproar after antivirus software from Microsoft classified it as a virulent piece of malware that should be deleted immediately.

On Friday, a faulty signature update for both Microsoft Security Essentials and Microsoft Forefront incorrectly detected the Chrome executable file for Windows as a component of the notorious ZeuS trojan, one of the better-known pieces of malware used to steal victims' bank account credentials. Microsoft fixed the problem a few hours later, but by then the false positive had left huge numbers of Chrome users without bookmarks and browser plugins they rely on to access commonly used webpages and services.

"Worst impact has been for people who are long-time chrome users, as all of their bookmarks and sessions are configured in chrome," one affected Reg reader wrote in an email. "Most annoying is the required reboot which causes productivity loss, esp for people who run VMs and such on their desktop as it can take a while to get everything back up and going."

Spiderowych asked the Windows forum if he will be "doomed" if he doesn't upgrade from XP to Windows 7.

In general, I recommend moving up to Windows 7, but I don't consider it an absolute must. Refusing to upgrade your operating system will not doom you to a life of drudgery or turn you into an anachronism. I know people still using Windows 98 who lead happy and meaningful lives.

Microsoft still supports Windows XP, and will continue to do so until April 2014. By then, the operating system will be more than 12 years old. Windows 98 was just over eight years old when Microsoft stopped support.

What does it mean when Microsoft stops supporting an OS? Updates, mainly. At that point, the folks in Redmond will no longer patch security holes and fix problems. (Oddly, they will continue to support Windows 7's XP Mode. You'd assume that patching one means you can easily patch the other.)

This may not prove to be a serious security risk. After 12 years, there may be little left in XP to patch. Besides, malware written in 2014 probably won't be designed to exploit an old and outdated OS.

If you're using a search engine today to find a download of Firefox 7, be careful about the results you click on. That's because a dubious website called Firefox7.org appears high up in those results.

The site was discovered Wednesday by Sophos security expert Graham Cluley when doing a routine search on "Firefox 7."

Firefox7.org has no relationship with the browser's maker, the Mozilla Foundation, Cluley wrote in the Naked Security blog. The site is registered to someone in China named Xiaojuan Zhang, who lives in Shenzhen in Guangdong province.

A software piracy ring located in Shenzhen was broken up by the FBI and Chinese authorities in 2007. Another resident of that city was arrested by the FBI and sentenced to 30 months in prison last year for exporting counterfeit Cisco products into the United States from a company he set up in Shenzhen.

Cluley could not find anything overtly malicious about the site, other than it appeared to be a way to scrape money from visitors through Google AdSense ads. The site does beg a few questions, however. For instance, if the site's author is a Firefox fan, why isn't there a link to a real download page for Firefox 7 instead of a bunch of Blogspot links?

Cities could soon be looking after their citizens all by themselves thanks to an operating system designed for the metropolis.

The Urban OS works just like a PC operating system but keeps buildings, traffic and services running smoothly.

The software takes in data from sensors dotted around the city to keep an eye on what is happening.

In the event of a fire the Urban OS might manage traffic lights so fire trucks can reach the blaze swiftly.

The idea is for the Urban OS to gather data from sensors buried in buildings and many other places to keep an eye on what is happening in an urban area.

The sensors monitor everything from large scale events such as traffic flows across the entire city down to more local phenomena such as temperature sensors inside individual rooms.

The OS completely bypasses humans to manage communication between sensors and devices such as traffic lights, air conditioning or water pumps that influence the quality of city life.
More at :-http://www.bbc.co.uk/news/technology-15109403

Stable and Beta Channel Updates
Saturday, October 1, 2011 | 10:00
Labels: Beta updates, Stable updates
The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials, discussed on the Chrome Blog. If you find any new issues, please let us know by filing a bug.